Yes, you can manually construct the keystore and truststore files if you know how. The toolkit is provided as a convenience for users who do not have the experience or a dedicated security team to generate those files.
Andy LoPresto [email protected] [email protected] PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Jan 25, 2017, at 6:42 AM, bmichaud <[email protected]> wrote: > > The way I was setting up initial security was with the legacy > authorized-users.xml file. additionally, my certificate keystore.jks has > been and must be generated by a company internal tool. I have done so, and > generated a truststore file using the java keytool, adding trusted entries > for various public keys we use for our company. This has worked fine in > 1.0.0 and prior versions. > > The instructions from Brian Bende suggests that I use the tls toolkit to > generate keystore and truststore, but I just need to append the common > server and the three servers in my cluster. I know that all of these > servers's certificates are included in my keystore file already, so I > believe that I just need to add truststore entries. > > Is the best way to do that to use a plain text PEM file and edit it with a > test editor? > > > > -- > View this message in context: > http://apache-nifi-developer-list.39713.n7.nabble.com/NiFi-1-1-1-can-t-start-as-a-cluster-OverlappingFileLockException-tp14486p14518.html > Sent from the Apache NiFi Developer List mailing list archive at Nabble.com.
signature.asc
Description: Message signed with OpenPGP using GPGMail
