Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-1355

Provide dynamic code-generated certificates for HTTP tests to avoid expiry

    XMLWordPrintableJSON

Details

    Description

      As documented, the test certificates/keys used in the TestInvokeHttp and TestInvokeHttpSSL tests expired in 2014. With the constant removal of non-certificate based cipher suites from client libraries, the lack of valid certificates meant that the Jetty server could not offer any compatible cipher suites, and the tests failed. I manually generated and loaded new certificates but they expire after 1 year. Adding code to dynamically generate and load these certificates into the keystore and truststore would remove this inconsistent blocker.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. NIFI-1354 InvokeHTTP test certificates have expired

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. NIFI-5622 Test certificates require SAN values

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #4767

          Web Link GitHub Pull Request #4801

          Activity

            People

              mtien Margot Tien
              alopresto Andy LoPresto
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 8h
                  8h