[ https://issues.apache.org/jira/browse/NIFI-2943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15672306#comment-15672306 ]
ASF subversion and git services commented on NIFI-2943: ------------------------------------------------------- Commit e5eda6370510337a1660008f80bf7ebf4a0ba288 in nifi's branch refs/heads/master from [~bryanrosan...@gmail.com] [ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=e5eda63 ] NIFI-2943 - Toolkit uses JKS type over PKCS12 when creating truststore because non-Bouncy Castle providers cannot read certificates from PKCS12 truststore. Peer review feedback (+2 squashed commits) Squashed commits: [0102c8e] NIFI-2943 - Peer review feedback [9bcd495] NIFI-2943 - pkcs12 keystore improvements 1. loading pkcs12 keystores with bouncy castle everywhere 2. tls-toolkit client using jks truststore when keystore type is specified differently 3. tests This closes #1165. Signed-off-by: Andy LoPresto <alopre...@apache.org> > tls-toolkit pkcs12 truststore 0 entries > --------------------------------------- > > Key: NIFI-2943 > URL: https://issues.apache.org/jira/browse/NIFI-2943 > Project: Apache NiFi > Issue Type: Bug > Reporter: Bryan Rosander > Assignee: Bryan Rosander > Priority: Minor > > When pkcs12 is used by the tls-toolkit, the resulting truststore has no > entries when inspected by the keytool and the tls-toolkit certificate > authority certificate is not trusted by NiFi. > This seems to be due to the Java pkcs12 provider not supporting certificate > entries: > http://stackoverflow.com/questions/3614239/pkcs12-java-keystore-from-ca-and-user-certificate-in-java#answer-3614405 > The Bouncy Castle provider does seem to support certificates but we may not > want to explicitly use that provider from within NiFi. -- This message was sent by Atlassian JIRA (v6.3.4#6332)