[
https://issues.apache.org/jira/browse/NIFI-2943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15668134#comment-15668134
]
ASF GitHub Bot commented on NIFI-2943:
--------------------------------------
Github user brosander commented on a diff in the pull request:
https://github.com/apache/nifi/pull/1165#discussion_r88102064
--- Diff:
nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/commandLine/BaseCommandLine.java
---
@@ -202,6 +206,10 @@ protected CommandLine doParse(String[] args) throws
CommandLineParseException {
keySize = getIntValue(commandLine, KEY_SIZE_ARG,
TlsConfig.DEFAULT_KEY_SIZE);
keyAlgorithm = commandLine.getOptionValue(KEY_ALGORITHM_ARG,
TlsConfig.DEFAULT_KEY_PAIR_ALGORITHM);
keyStoreType = commandLine.getOptionValue(KEY_STORE_TYPE_ARG,
getKeyStoreTypeDefault());
+ if
(KeystoreType.PKCS12.toString().equalsIgnoreCase(keyStoreType)) {
+ logger.info("Command line argument --" +
KEY_STORE_TYPE_ARG + "=" + keyStoreType + " only applies to keyStore,
recommended trustStore type of " + KeystoreType.JKS.toString() +
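Review bot: the added logger.info call in the PKCS12 branch only tells the user that --KEY_STORE_TYPE_ARG applies to the keyStore. Nothing in the visible lines actually sets the trustStore type to JKS, so it is worth confirming that the rest of the change forces it. If it does not, a pkcs12 request would still produce the empty truststore described in the issue. Because the user's explicit option is being applied only in part, logger.warn would make this harder to miss than info. The message is also built by string concatenation around the user-supplied keyStoreType; a parameterized log call would be cleaner.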
--- End diff --
+1
> tls-toolkit pkcs12 truststore 0 entries
> ---------------------------------------
>
> Key: NIFI-2943
> URL: https://issues.apache.org/jira/browse/NIFI-2943
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Bryan Rosander
> Assignee: Bryan Rosander
> Priority: Minor
>
> When pkcs12 is used by the tls-toolkit, the resulting truststore has no
> entries when inspected by the keytool and the tls-toolkit certificate
> authority certificate is not trusted by NiFi.
> This seems to be due to the Java pkcs12 provider not supporting certificate
> entries:
> http://stackoverflow.com/questions/3614239/pkcs12-java-keystore-from-ca-and-user-certificate-in-java#answer-3614405
> The Bouncy Castle provider does seem to support certificates but we may not
> want to explicitly use that provider from within NiFi.