Hi Thomas,

Currently the tls-toolkit can be used in either standalone or client/server
mode.  Standalone has a couple of ease-of-use advantages such as being able
to be run from a single location to generate keystores and truststores as
well as nifi.properties files for the whole NiFi cluster.  If it meets your
requirements, it's probably the easier choice at this point.

Client/server is more appropriate when you're provisioning a cluster that
you don't know the size of in advance and would like to be able to have
nodes request their own certificates on-demand using a shared secret for
authentication.  This usecase requires more custom tooling (to integrate
the config.json into nifi.properties, locate CA server, etc) and will
hopefully be easier in future releases.

You can find some documentation in the admin guide (
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#tls-generation-toolkit),
developer level documentation in the developer guide (
https://nifi.apache.org/docs/nifi-docs/html/developer-guide.html#tls-toolkit)
and there is usage information in the toolkit itself.


tls-toolkit.sh -h

tls-toolkit.sh standalone -h

tls-toolkit.sh server -h

tls-toolkit.sh client -h


Thanks,

Bryan

On Sep 21, 2016 10:57 PM, "Tijo Thomas" <tijopara...@yahoo.in> wrote:

> Hi
>
> Can any one guide on how to use tls toolkit.  In the code I found that
> there are 3  services.  Standalone,  server and  client.
> I created a cluster with Standalone service by following  a blog.
>  but not sure where client and server  will be used.
>
> Any doc on this is highly appreciated
>
>
>
> Sent from Yahoo Mail on Android
> <https://overview.mail.yahoo.com/mobile/?.src=Android>
>

Reply via email to