[
https://issues.apache.org/jira/browse/NIFI-2943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15666008#comment-15666008
]
ASF GitHub Bot commented on NIFI-2943:
--------------------------------------
Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/1165
I think we should provide log output indicating that the user's choice of
PKCS12 is not used for truststores.
```
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT
(pr1165) alopresto
🔓 46s @ 19:28:29 $ ./bin/tls-toolkit.sh standalone -n 'localhost' -T PKCS12
-P password -S password
2016-11-14 19:52:11,629 INFO [main]
o.a.n.t.t.s.TlsToolkitStandaloneCommandLine No nifiPropertiesFile specified,
using embedded one.
2016-11-14 19:52:11,956 INFO [main] o.a.n.t.t.s.TlsToolkitStandalone
Running standalone certificate generation with output directory
../nifi-toolkit-1.1.0-SNAPSHOT
2016-11-14 19:52:12,407 INFO [main] o.a.n.t.t.s.TlsToolkitStandalone
Generated new CA certificate ../nifi-toolkit-1.1.0-SNAPSHOT/nifi-cert.pem and
key ../nifi-toolkit-1.1.0-SNAPSHOT/nifi-key.key
2016-11-14 19:52:12,408 INFO [main] o.a.n.t.t.s.TlsToolkitStandalone
Writing new ssl configuration to ../nifi-toolkit-1.1.0-SNAPSHOT/localhost
2016-11-14 19:52:13,382 INFO [main] o.a.n.t.t.s.TlsToolkitStandalone
Successfully generated TLS configuration for localhost 1 in
../nifi-toolkit-1.1.0-SNAPSHOT/localhost
2016-11-14 19:52:13,382 INFO [main] o.a.n.t.t.s.TlsToolkitStandalone No
clientCertDn specified, not generating any client certificates.
2016-11-14 19:52:13,382 INFO [main] o.a.n.t.t.s.TlsToolkitStandalone
tls-toolkit standalone completed successfully
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT
(pr1165) alopresto
🔓 1424s @ 19:52:14 $ ll localhost/
total 40
drwx------ 5 alopresto staff 170B Nov 14 19:52 ./
drwxr-xr-x 11 alopresto staff 374B Nov 14 19:52 ../
-rw------- 1 alopresto staff 3.4K Nov 14 19:52 keystore.pkcs12
-rw------- 1 alopresto staff 8.5K Nov 14 19:52 nifi.properties
-rw------- 1 alopresto staff 911B Nov 14 19:52 truststore.jks
hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT
(pr1165) alopresto
🔓 196s @ 19:55:31 $
```
> tls-toolkit pkcs12 truststore 0 entries
> ---------------------------------------
>
> Key: NIFI-2943
> URL: https://issues.apache.org/jira/browse/NIFI-2943
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Bryan Rosander
> Assignee: Bryan Rosander
> Priority: Minor
>
> When pkcs12 is used by the tls-toolkit, the resulting truststore has no
> entries when inspected by the keytool and the tls-toolkit certificate
> authority certificate is not trusted by NiFi.
> This seems to be due to the Java pkcs12 provider not supporting certificate
> entries:
> http://stackoverflow.com/questions/3614239/pkcs12-java-keystore-from-ca-and-user-certificate-in-java#answer-3614405
> The Bouncy Castle provider does seem to support certificates but we may not
> want to explicitly use that provider from within NiFi.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
