[
https://issues.apache.org/jira/browse/NIFI-2959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15612957#comment-15612957
]
Bryan Rosander commented on NIFI-2959:
--------------------------------------
Client mode does log DN but could be clearer about it ex:
{code}
2016-10-27 15:12:10,319 INFO [main]
o.a.n.t.t.s.c.TlsCertificateSigningRequestPerformer Got certificate with dn
CN=localhost, OU=NIFI
{code}
Standalone needs similar logging and they both need to be clearer about what
should be copied to authorizers.xml
> TLS Toolkit should provide the correct DN to authorizers.xml for the Initial
> Admin Identity
> -------------------------------------------------------------------------------------------
>
> Key: NIFI-2959
> URL: https://issues.apache.org/jira/browse/NIFI-2959
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Tools and Build
> Affects Versions: 1.0.0
> Reporter: Andy LoPresto
> Labels: security, tls-toolkit
>
> Users frequently experience a user permission error when trying to access a
> secured instance of NiFi after using the TLS toolkit to create a client
> certificate because the whitespace formatting of the provided DN differs from
> the resulting certificate subject. The toolkit should output a clear log line
> with the exact string that should be copied to {{authorizers.xml}} *Initial
> Admin Identity* when a client certificate is generated, and if a special flag
> is invoked during the command line call, the provided {{authorizers.xml}}
> should be updated directly.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
