Support Questions
Find answers, ask questions, and share your expertise

Can't add SAN (SubjectAlternativeName) to a Java KeyStore. CSR contains SAN, but when importing to JKS it loses its SAN extension.

Explorer

I've heard this is a "bug" with openssl/keytool. I'm following MattWho's article found here: How to create user generated keys for securing NiFi.

I'm getting the following error on my NiFi WebUI: 

 

Hostname nifi.taco.net not verified:
certificate: sha256/5REuJXk5ayT2nW5J89AfpW/G3OzXY9lF4n2vE3OxHlE=
DN: CN=nifi.taco.net, OU=project taco, O=taco, L=taco, ST=texas, C=US subjectAltNames: []

I'm guessing this is either because of the SAN info being removed when I use x509, or perhaps a misconfiguration in the Cloudera Flow Management NiFi Node config??

1 REPLY 1

Explorer

[The following question was moved here because it was posted 12-02-2019 04:48 PM to a thread marked 'Solved' 11-18-2019 05:49 AM —moderator]

 

How did you add a SAN extension and have it not get removed when adding the key to your JKS file? I never figured this out. Even When using Nifi Toolkit CA, the certs that are generated don't contain SAN. Soooo... still confused on this!

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.