[
https://issues.apache.org/jira/browse/NIFI-2943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15612813#comment-15612813
]
Andy LoPresto commented on NIFI-2943:
-------------------------------------
This is good to know and document, but we can't expect users to be aware of
this. If they search online for "use keytool to check truststore", the vast
majority of instructions will not include this information.
> tls-toolkit pkcs12 truststore 0 entries
> ---------------------------------------
>
> Key: NIFI-2943
> URL: https://issues.apache.org/jira/browse/NIFI-2943
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Bryan Rosander
> Assignee: Bryan Rosander
> Priority: Minor
>
> When pkcs12 is used by the tls-toolkit, the resulting truststore has no
> entries when inspected by the keytool and the tls-toolkit certificate
> authority certificate is not trusted by NiFi.
> This seems to be due to the Java pkcs12 provider not supporting certificate
> entries:
> http://stackoverflow.com/questions/3614239/pkcs12-java-keystore-from-ca-and-user-certificate-in-java#answer-3614405
> The Bouncy Castle provider does seem to support certificates but we may not
> want to explicitly use that provider from within NiFi.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
