[
https://issues.apache.org/jira/browse/NIFI-5476?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16567990#comment-16567990
]
ASF GitHub Bot commented on NIFI-5476:
--------------------------------------
Github user pepov commented on the issue:
https://github.com/apache/nifi/pull/2935
I've tested it manually and ran the unit tests as well. I wanted to ask
whether we could make the error message more user friendly but then found
myself trying to find out whether we can make life easier by making the
conversion automatically. I would find this useful, because for me it wasn't
trivial at all to find out the problem with the PKCS#8 unencrypted key file, it
just looks very much the same as the PKCS#1 format (except the RSA word of
course).
If you agree to add this, here is my attempt to do the conversion:
https://github.com/pepov/nifi/commit/77256af2bb3178f19b71ab82d398cd7288f7bb55
Otherwise LGTM
> Enable TLS Toolkit (standalone) to sign certificates with external CA
> certificate
> ---------------------------------------------------------------------------------
>
> Key: NIFI-5476
> URL: https://issues.apache.org/jira/browse/NIFI-5476
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Security, Tools and Build
> Affects Versions: 1.7.1
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Major
> Labels: certificate, pem, pkcs1, pkcs8, pki, security, tls,
> tls-toolkit
>
> The TLS Toolkit can sign certificates using a public certificate and private
> key generated and signed elsewhere by injecting them into the
> {{nifi-cert.pem}} and {{nifi-key.key}} files as long as they are in the
> proper format and self-signed. The toolkit should be enhanced to handle PKCS
> #8 formatted private keys (in addition to the PKCS #1 formatted keys it
> handles now) and to allow for non self-signed certificates.
> To verify this, use certificates generated by
> [TinyCert|https://tinycert.org].
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
