[GitHub] [nifi] alopresto commented on a change in pull request #4196: NIFI-7341 Updated certificate commands and source code formatting in …

Thu, 09 Apr 2020 10:13:26 -0700 

alopresto commented on a change in pull request #4196: NIFI-7341 Updated 
certificate commands and source code formatting in …
URL: https://github.com/apache/nifi/pull/4196#discussion_r406353162
 
 

 ##########
 File path: nifi-docs/src/main/asciidoc/toolkit-guide.adoc
 ##########
 @@ -1175,9 +1188,8 @@ $ ./bin/tls-toolkit.sh standalone -n 
'node1.nifi.apache.org' \
   * If the DER file only contains the public certificate, use this command:
   ** `openssl x509 -inform der -in cert.der -out cert.pem`
 . To convert from a PKCS12 keystore (`keystore.p12`) containing both the 
public certificate and private key into PEM encoded files (`$PASSWORD` is the 
keystore password):
-  * `openssl pkcs12 -in keystore.p12 -out cert.der -nodes -password 
"pass:$PASSWORD"`
+  * `openssl pkcs12 -in keystore.p12 -nodes -clcerts -nokeys -out cert.pem  
-password "pass:$PASSWORD"`
   * `openssl pkcs12 -in keystore.p12 -nodes -nocerts -out key.key -password 
"pass:$PASSWORD"`
-  * Follow the steps above to convert `cert.der` to `cert.pem`
 . To convert from a Java Keystore (`keystore.jks`) containing private key into 
PEM encoded files (`$P12_PASSWORD` is the PKCS12 keystore password, 
`$JKS_PASSWORD` is the Java keystore password you want to set, and `$ALIAS` can 
be any value -- the NiFi default is `nifi-key`):
   * `keytool -importkeystore -srckeystore keystore.jks -destkeystore 
keystore.p12 -srcstoretype JKS -deststoretype PKCS12 -destkeypass 
"$P12_PASSWORD" -deststorepass "$P12_PASSWORD" -srcstorepass "$JKS_PASSWORD" 
-srcalias "$ALIAS" -destalias "$ALIAS"`
   * Follow the steps above to convert from `keystore.p12` to `cert.pem` and 
`key.key`
 
 Review comment:
   No, the command I updated above removes the need for the follow-on 
conversion, but this command still results in a PKCS12 keystore, which would 
need to be converted to the component PEM files using those steps. Thanks. 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to