Henk, Thanks for following up and documenting this. I believe the deployment script is something custom you built, and not an artifact we offer, correct? We definitely made some improvements to the toolkit in 1.6.0, so the errors are clearer now. The minimum password length being enforced should have been called out in the migration guidance [1] and release notes [2], and we will try to make those types of changes more apparent in the future as well.
[1] https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance <https://cwiki.apache.org/confluence/display/NIFI/Migration+Guidance> [2] https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.6.0 <https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.6.0> Andy LoPresto [email protected] [email protected] PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Jun 11, 2018, at 12:43 PM, Henk Reder <[email protected]> wrote: > > In response to this > <http://mail-archives.apache.org/mod_mbox/nifi-dev/201806.mbox/%3CCALj3mbCx4uJJKJWuP%2BTwV562Cr4-X%3D3v31tP-0WJQ0kQq-vyZg%40mail.gmail.com%3E> > : > > Hey again, > > I resolved the problem with the ca-server. It was a combination of two > problems. One, the deployment script was getting the latest version of nifi > (1.6.0) but an earlier version of TLS Toolkit (1.5.0), that's why the > message wasn't coming through. There was a version mismatch, and the > messages just don't come through on the earlier version of the tool. > > Once I got the latest version of TLS toolkit the error message came > through. There was a new restriction on the passphrase (16 bytes or > larger). Once I generated a longer passphrase the certs became valid again. > > Thanks for everyones concern, this stuff is definitely not simple but > having an active and open community helps a ton. Everyones input is very > much appreciated! > > Henk
signature.asc
Description: Message signed with OpenPGP using GPGMail
