Hi Thomas, Currently the tls-toolkit can be used in either standalone or client/server mode. Standalone has a couple of ease-of-use advantages such as being able to be run from a single location to generate keystores and truststores as well as nifi.properties files for the whole NiFi cluster. If it meets your requirements, it's probably the easier choice at this point.
Client/server is more appropriate when you're provisioning a cluster that you don't know the size of in advance and would like to be able to have nodes request their own certificates on-demand using a shared secret for authentication. This usecase requires more custom tooling (to integrate the config.json into nifi.properties, locate CA server, etc) and will hopefully be easier in future releases. You can find some documentation in the admin guide ( https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#tls-generation-toolkit), developer level documentation in the developer guide ( https://nifi.apache.org/docs/nifi-docs/html/developer-guide.html#tls-toolkit) and there is usage information in the toolkit itself. tls-toolkit.sh -h tls-toolkit.sh standalone -h tls-toolkit.sh server -h tls-toolkit.sh client -h Thanks, Bryan On Sep 21, 2016 10:57 PM, "Tijo Thomas" <[email protected]> wrote: > Hi > > Can any one guide on how to use tls toolkit. In the code I found that > there are 3 services. Standalone, server and client. > I created a cluster with Standalone service by following a blog. > but not sure where client and server will be used. > > Any doc on this is highly appreciated > > > > Sent from Yahoo Mail on Android > <https://overview.mail.yahoo.com/mobile/?.src=Android> >
