
nifi ssl cluster best practices


I am trying to understand if I can set up a multiple-node SSL cluster with a certificate signed by my organization without the need to add each node as a SAN to the certificate.

Because we keep adding nodes to the cluster, and I want to avoid asking for an updated certificate with a new node added to the SAN.

Currently I am setting the following properties in as the fqdn or the ip

And setting the proxy host with the CNAME

And inside my authorizers.xml, I am adding the CNAME as the initial node/user identity

    <property name="Initial User Identity 4">, OU=nifi, O=Unknown, L=Unknown, ST=Unknown, C=Unknown</property>
    <property name="Node Identity 3">, OU=nifi, O=Unknown, L=Unknown, ST=Unknown, C=Unknown</property>

Currently I am adding the <ip> of all the nodes in the cluster to the cert's SAN to make it work.

Responses will be appreciated. Thanks


@Vinit Sacheti, just F.Y.I…you submitted a question substantially similar to the above post with the title nifi ssl cluster avoid adding host to san that was rejected by the moderators of HCC, on the grounds that it was essentially a duplicate of the above.

Bill Brooks, Community Moderator