[jira] [Commented] (NIFI-5399) Improve documentation to indicate that wildcard certificates are not recommended for cluster communications

Tue, 10 Jul 2018 00:50:42 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-5399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16538204#comment-16538204
 ] 

ASF GitHub Bot commented on NIFI-5399:
--------------------------------------

Github user pvillard31 commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2870#discussion_r201246258
  
    --- Diff: nifi-docs/src/main/asciidoc/administration-guide.adoc ---
    @@ -164,6 +164,16 @@ accomplished by setting the `nifi.remote.input.secure` 
and `nifi.cluster.protoco
     
     In order to facilitate the secure setup of NiFi, you can use the 
`tls-toolkit` command line utility to automatically generate the required 
keystores, truststore, and relevant configuration files. This is especially 
useful for securing multiple NiFi nodes, which can be a tedious and error-prone 
process.
     
    +Wildcard certificates (i.e. two nodes `node1.nifi.apache.org` and 
`node2.nifi.apache.org` being assigned the same certificate with a CN or SAN 
entry of +*.nifi.apache.org+) are *not officially supported* and *not 
recommended*. There are numerous disadvantages to using wildcard certificates, 
and a cluster working with wildcard certificates has occurred in previous 
versions out of lucky accidents, not intentional support.
    --- End diff --
    
    @alopresto - I agree with you that wildcard certificates should be avoided, 
but I just want to clarify something for my own curiosity. Let's say we have:
    - Node 1 (certificate with CN=`node1.nifi.apache.org`, 
SAN=`*.nifi.apache.org`)
    - Node 2 (certificate with CN=`node2.nifi.apache.org`, 
SAN=`*.nifi.apache.org`)
    
    That would not cause any issue regarding how NiFi clustering is working, 
right? Because we would have a unique DN for every node. I imagine people could 
have such certificates because, for instance, they don't know in advance what 
would be the hostname of a load balancer in front of NiFi.
    
    Having said that, I agree that it's a security concern in case a 
certificate is compromised.


> Improve documentation to indicate that wildcard certificates are not 
> recommended for cluster communications
> -----------------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-5399
>                 URL: https://issues.apache.org/jira/browse/NIFI-5399
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Documentation & Website
>    Affects Versions: 1.7.0
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>            Priority: Major
>              Labels: certificate, cluster, documentation, security, tls
>
> Based on the research from NIFI-5370 and potential changes in NIFI-5398, the 
> Admin Guide should be improved to explain why wildcard certificates without a 
> unique SAN are not recommended for secure cluster configurations. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to