[
https://issues.apache.org/jira/browse/NIFI-2943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15612539#comment-15612539
]
Bryan Rosander commented on NIFI-2943:
--------------------------------------
If you tell the keytool to use Bouncy Castle, it can see the truststore entry:
{code}
keytool -list -keystore truststore.pkcs12 -providername BC \
  -providerpath ../../nifi-toolkit-1.1.0-SNAPSHOT/lib/bcprov-jdk15on-1.54.jar \
  -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider \
  -storetype PKCS12 -storepass CHANGE
Keystore type: PKCS12
Keystore provider: BC
Your keystore contains 1 entry
nifi-cert, Oct 27, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): FA:33:64:AC:0A:34:2B:B8:2D:27:DA:96:4F:7A:FB:72:FF:D4:DB:9
{code}
> tls-toolkit pkcs12 truststore 0 entries
> ---------------------------------------
>
> Key: NIFI-2943
> URL: https://issues.apache.org/jira/browse/NIFI-2943
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Bryan Rosander
> Assignee: Bryan Rosander
> Priority: Minor
>
> When pkcs12 is used by the tls-toolkit, the resulting truststore has no
> entries when inspected by the keytool and the tls-toolkit certificate
> authority certificate is not trusted by NiFi.
> This seems to be due to the Java pkcs12 provider not supporting certificate
> entries:
> http://stackoverflow.com/questions/3614239/pkcs12-java-keystore-from-ca-and-user-certificate-in-java#answer-3614405
> The Bouncy Castle provider does seem to support certificates but we may not
> want to explicitly use that provider from within NiFi.
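The provider comparison described in this message can also be done programmatically. The following is an added example, not code from the original message or from NiFi. It assumes bcprov is on the classpath, that the JRE ships a non-empty default trust store to borrow a sample certificate from, and that the certificate-only PKCS12 store is written through the BC provider (the message does not say which provider the tls-toolkit writes with).

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class Pkcs12TruststoreCheck {
    // Count the aliases this KeyStore implementation reports as trusted certificates.
    static int trustedEntries(KeyStore ks) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) n++;
        }
        return n;
    }

    // Load the same PKCS12 bytes into the given KeyStore implementation.
    static KeyStore load(KeyStore ks, byte[] bytes, char[] pass) throws Exception {
        ks.load(new ByteArrayInputStream(bytes), pass);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider()); // appended, so the JDK provider stays the default
        char[] pass = "CHANGE".toCharArray();              // constructed sample password

        // Sample certificate (assumption): borrow any CA from the JRE default trust store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509Certificate ca = ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers()[0];

        // Build a certificate-only PKCS12 truststore in memory.
        KeyStore out = KeyStore.getInstance("PKCS12", "BC");
        out.load(null, null);
        out.setCertificateEntry("nifi-cert", ca);
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        out.store(buf, pass);

        // Read the same bytes back through each provider and compare what they expose.
        int viaBc = trustedEntries(load(KeyStore.getInstance("PKCS12", "BC"), buf.toByteArray(), pass));
        int viaDefault = trustedEntries(load(KeyStore.getInstance("PKCS12"), buf.toByteArray(), pass));
        System.out.println("BC provider sees " + viaBc + " trusted entries");
        System.out.println("Default PKCS12 provider sees " + viaDefault + " trusted entries");
        if (viaDefault < viaBc) System.exit(1); // store would not act as a truststore under the default provider
    }
}
```

The counts printed depend on the JDK version in use; a non-zero exit means the default provider exposes fewer trusted entries than BC for the same file.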