Details
Improvement
Status: Resolved
Major
Resolution: Fixed
1.3.0
Description
Similar to the way the TLS Toolkit can generate multiple certificates with one command through parsing some minimal regular expression syntax in the hostname field, the SAN field should be processed the same way. Currently, a command which generates three hosts via -n "server[1-3].com" cannot have the corresponding SAN entries provided inline. Once NIFI-4222 is implemented, the hostname will be present in the SAN list by default, but if there are additional desired entries, the command must be split and run individually.
Example:
Desired hostname | Desired SAN |
---|---|
server1.com | server1.com, otherserver1.com |
server2.com | server2.com, otherserver2.com |
server3.com | server3.com, otherserver3.com |
$ ./bin/tls-toolkit.sh standalone -n "server[1-3].com" --subjectAlternativeNames "otherserver[1-3].com"
Currently, this must be run as:
$ ./bin/tls-toolkit.sh standalone -n "server1.com" --subjectAlternativeNames "otherserver1.com"
$ ./bin/tls-toolkit.sh standalone -n "server2.com" --subjectAlternativeNames "otherserver2.com"
$ ./bin/tls-toolkit.sh standalone -n "server3.com" --subjectAlternativeNames "otherserver3.com"
The ranges should be checked for length equality, but need not necessarily be identical. For example:
$ ./bin/tls-toolkit.sh standalone -n "server[1-3].com" --subjectAlternativeNames "otherserver[4-6].com"
Today, if you don't care about SAN values, this is achievable with:
$ ./bin/tls-toolkit.sh standalone -n "server[1-3].com"
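A sketch of the pairing behaviour requested above, including the length-equality check, added here as an illustration and not taken from the TLS Toolkit's code. The function names are hypothetical, only the `[lo-hi]` numeric range form is handled, and the hostname is placed first in each SAN list to model the NIFI-4222 default the description mentions.

```python
import re

# Minimal "[lo-hi]" numeric range, the only syntax this sketch handles
# (an assumption; the toolkit's own parser may accept more).
RANGE = re.compile(r"\[(\d+)-(\d+)\]")

def expand(pattern):
    """Expand each [lo-hi] range in pattern into concrete names, in order."""
    m = RANGE.search(pattern)
    if m is None:
        return [pattern]
    lo, hi = int(m.group(1)), int(m.group(2))
    if lo > hi:
        raise ValueError(f"empty range in {pattern!r}")
    head, tail = pattern[:m.start()], pattern[m.end():]
    return [f"{head}{i}{rest}" for i in range(lo, hi + 1) for rest in expand(tail)]

def pair_hosts_with_sans(host_pattern, san_pattern=None):
    """Return [(hostname, [san, ...])] with the hostname first in its SAN list."""
    hosts = expand(host_pattern)
    if san_pattern is None:
        return [(h, [h]) for h in hosts]
    extras = expand(san_pattern)
    # Fail closed: zip() alone would silently truncate on a length mismatch
    # and certificates would be issued with missing or misaligned SANs.
    if len(extras) != len(hosts):
        raise ValueError(
            f"{len(hosts)} hostnames but {len(extras)} SAN entries; "
            "ranges must expand to the same length"
        )
    return [(h, [h, s]) for h, s in zip(hosts, extras)]

def per_host_commands(host_pattern, san_pattern):
    """Equivalent one-host-at-a-time invocations (hostname SAN left implicit)."""
    return [
        f'./bin/tls-toolkit.sh standalone -n "{h}" --subjectAlternativeNames "{sans[1]}"'
        for h, sans in pair_hosts_with_sans(host_pattern, san_pattern)
    ]

if __name__ == "__main__":
    for cmd in per_host_commands("server[1-3].com", "otherserver[4-6].com"):
        print(cmd)
```
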