[ https://issues.apache.org/jira/browse/NIFI-2943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15672293#comment-15672293 ]
ASF GitHub Bot commented on NIFI-2943: -------------------------------------- Github user alopresto commented on the issue: https://github.com/apache/nifi/pull/1165 The logging issue was resolved by [NIFI-3049](https://issues.apache.org/jira/browse/NIFI-3049) and [PR 1237](https://github.com/apache/nifi/pull/1237). Verified `contrib-check` and all tests pass. Ran toolkit and logging output for PKCS12 truststore type is correct. Then ran application and was able to connect using client certificate as per usual. ``` hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (pr1165) alopresto 🔓 46s @ 16:23:25 $ ./bin/tls-toolkit.sh standalone -n 'localhost' -T PKCS12 -P password -S password 2016/11/16 16:29:40 INFO [main] org.apache.nifi.toolkit.tls.commandLine.BaseCommandLine: Command line argument --keyStoreType=PKCS12 only applies to keystore, recommended truststore type of JKS unaffected. 2016/11/16 16:29:40 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandaloneCommandLine: No nifiPropertiesFile specified, using embedded one. 2016/11/16 16:29:41 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Running standalone certificate generation with output directory ../nifi-toolkit-1.1.0-SNAPSHOT 2016/11/16 16:29:41 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Generated new CA certificate ../nifi-toolkit-1.1.0-SNAPSHOT/nifi-cert.pem and key ../nifi-toolkit-1.1.0-SNAPSHOT/nifi-key.key 2016/11/16 16:29:41 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Writing new ssl configuration to ../nifi-toolkit-1.1.0-SNAPSHOT/localhost 2016/11/16 16:29:42 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: Successfully generated TLS configuration for localhost 1 in ../nifi-toolkit-1.1.0-SNAPSHOT/localhost 2016/11/16 16:29:42 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: No clientCertDn specified, not generating any client certificates. 2016/11/16 16:29:42 INFO [main] org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone: tls-toolkit standalone completed successfully hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (pr1165) alopresto 🔓 377s @ 16:29:43 $ ll localhost/ total 40 drwx------ 5 alopresto staff 170B Nov 16 16:29 ./ drwxr-xr-x 11 alopresto staff 374B Nov 16 16:29 ../ -rw------- 1 alopresto staff 3.4K Nov 16 16:29 keystore.pkcs12 -rw------- 1 alopresto staff 8.6K Nov 16 16:29 nifi.properties -rw------- 1 alopresto staff 911B Nov 16 16:29 truststore.jks hw12203:...assembly/target/nifi-toolkit-1.1.0-SNAPSHOT-bin/nifi-toolkit-1.1.0-SNAPSHOT (pr1165) alopresto 🔓 17s @ 16:30:01 $ ``` Squashed, merged, and closed. > tls-toolkit pkcs12 truststore 0 entries > --------------------------------------- > > Key: NIFI-2943 > URL: https://issues.apache.org/jira/browse/NIFI-2943 > Project: Apache NiFi > Issue Type: Bug > Reporter: Bryan Rosander > Assignee: Bryan Rosander > Priority: Minor > > When pkcs12 is used by the tls-toolkit, the resulting truststore has no > entries when inspected by the keytool and the tls-toolkit certificate > authority certificate is not trusted by NiFi. > This seems to be due to the Java pkcs12 provider not supporting certificate > entries: > http://stackoverflow.com/questions/3614239/pkcs12-java-keystore-from-ca-and-user-certificate-in-java#answer-3614405 > The Bouncy Castle provider does seem to support certificates but we may not > want to explicitly use that provider from within NiFi. -- This message was sent by Atlassian JIRA (v6.3.4#6332)