Github user pvillard31 commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2870#discussion_r201246258
--- Diff: nifi-docs/src/main/asciidoc/administration-guide.adoc ---
@@ -164,6 +164,16 @@ accomplished by setting the `nifi.remote.input.secure`
and `nifi.cluster.protoco
In order to facilitate the secure setup of NiFi, you can use the
`tls-toolkit` command line utility to automatically generate the required
keystores, truststore, and relevant configuration files. This is especially
useful for securing multiple NiFi nodes, which can be a tedious and error-prone
process.
+Wildcard certificates (i.e. two nodes `node1.nifi.apache.org` and
`node2.nifi.apache.org` being assigned the same certificate with a CN or SAN
entry of +*.nifi.apache.org+) are *not officially supported* and *not
recommended*. There are numerous disadvantages to using wildcard certificates,
and a cluster working with wildcard certificates has occurred in previous
versions out of lucky accidents, not intentional support.
--- End diff --
@alopresto - I agree with you that wildcard certificates should be avoided,
but I just want to clarify something for my own curiosity. Let's say we have:
- Node 1 (certificate with CN=`node1.nifi.apache.org`,
SAN=`*.nifi.apache.org`)
- Node 2 (certificate with CN=`node2.nifi.apache.org`,
SAN=`*.nifi.apache.org`)
That would not cause any issue regarding how NiFi clustering is working,
right? Because we would have a unique DN for every node. I imagine people could
have such certificates because, for instance, they don't know in advance what
would be the hostname of a load balancer in front of NiFi.
Having said that, I agree that it's a security concern in case a
certificate is compromised.
---
