David,
Sadly, this is my experience. "changeit" works for me. And I tried
reconfiguring the three passwords in
/StandardRestrictedSSLContextService/ to no avail.
~/dev/nifi/nifi-1.15.0/conf $ *keytool -list -v -keystore mdmi-keystore.jks*
Enter keystore password: *changeit*
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: mdmi
Creation date: Jul 20, 2022
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=windofkeltia.com, OU=Unknown, O=Wind of Keltia, L=Provo, ST=UT, C=US
Issuer: CN=windofkeltia.com, OU=Unknown, O=Wind of Keltia, L=Provo, ST=UT, C=US
Serial number: 1e7288f7
Valid from: Wed Jul 20 15:39:23 MDT 2022 until: Thu Jul 20 15:39:23 MDT 2023
Certificate fingerprints:
SHA1: B9:58:6E:C1:0D:DA:1D:CF:7D:02:16:54:F2:FA:1F:C4:19:01:F5:1B
SHA256: FF:0B:3B:4A:59:69:9B:B8:B3:23:1F:4E:72:03:C7:24:11:A9:DF:11:C6:76:89:32:44:F7:12:A4:26:F5:9D:4B
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 69 63 BD 7E 67 A1 EC 0A 54 3C 61 2F 51 D7 64 46  ic..g...T<a/Q.dF
0010: FB F1 37 E2 ..7.
]
]
*******************************************
*******************************************
~/dev/nifi/nifi-1.15.0/conf $ *keytool -list -v -keystore mdmi-truststore.jks*
Enter keystore password: *changeit*
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: mdmi
Creation date: Jul 21, 2022
Entry type: trustedCertEntry
Owner: CN=windofkeltia.com, OU=Unknown, O=Wind of Keltia, L=Provo, ST=UT, C=US
Issuer: CN=windofkeltia.com, OU=Unknown, O=Wind of Keltia, L=Provo, ST=UT, C=US
Serial number: 1e7288f7
Valid from: Wed Jul 20 15:39:23 MDT 2022 until: Thu Jul 20 15:39:23 MDT 2023
Certificate fingerprints:
SHA1: B9:58:6E:C1:0D:DA:1D:CF:7D:02:16:54:F2:FA:1F:C4:19:01:F5:1B
SHA256: FF:0B:3B:4A:59:69:9B:B8:B3:23:1F:4E:72:03:C7:24:11:A9:DF:11:C6:76:89:32:44:F7:12:A4:26:F5:9D:4B
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 69 63 BD 7E 67 A1 EC 0A 54 3C 61 2F 51 D7 64 46  ic..g...T<a/Q.dF
0010: FB F1 37 E2 ..7.
]
]
*******************************************
*******************************************
On 7/21/22 08:01, David Handermann wrote:
Hi Russell,
Thanks for describing the steps used to generate the keystore and
truststore files.
The validation warnings on StandardRestrictedSSLContextService appear
to indicate that the configured password properties do not match the
keystore and truststore passwords.
It would be helpful to enter the password properties again and confirm
that there are no trailing spaces.
The following keytool commands can also be used to verify the passwords:
keytool -list -v -keystore mdmi-keystore.jks
keytool -list -v -keystore mdmi-truststore.jks
The configuration appears to be correct, so confirming the password on
both files is a good next step.
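
Added example (not part of the original thread, and not NiFi project code): a non-interactive form of the keytool checks above that also rules out leading or trailing whitespace in the password and confirms the truststore holds the same certificate the keystore presents. The STOREPASS environment variable and all function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: scripted version of the keytool checks discussed in the thread.
# STOREPASS (environment variable) and the function names are assumptions.

# True when the candidate password starts or ends with whitespace,
# the property-entry mistake the reply asks to rule out.
has_edge_whitespace() {
  case "$1" in
    [[:space:]]*|*[[:space:]]) return 0 ;;
    *) return 1 ;;
  esac
}

# Read `keytool -list -v` output on stdin and print the first SHA-256
# fingerprint (32 colon-separated hex bytes; the 20-byte SHA1 line cannot match).
sha256_fp() {
  grep -Eo '([0-9A-F]{2}:){31}[0-9A-F]{2}' | head -n 1
}

# List one store with the password taken from $STOREPASS. -storepass:env keeps
# the password out of the process argument list.
list_store() {
  keytool -list -v -keystore "$1" -storepass:env STOREPASS 2>&1
}

# check_pair KEYSTORE TRUSTSTORE: both stores must open with $STOREPASS and
# the truststore must contain the certificate the keystore presents.
# Returns 0 ok, 1 store did not open, 2 whitespace in password, 3 mismatch.
check_pair() {
  if has_edge_whitespace "$STOREPASS"; then
    echo "password has leading or trailing whitespace" >&2; return 2
  fi
  ks_out=$(list_store "$1") || { echo "cannot open $1 with this password" >&2; return 1; }
  ts_out=$(list_store "$2") || { echo "cannot open $2 with this password" >&2; return 1; }
  ks_fp=$(printf '%s\n' "$ks_out" | sha256_fp)
  ts_fp=$(printf '%s\n' "$ts_out" | sha256_fp)
  [ -n "$ks_fp" ] && [ "$ks_fp" = "$ts_fp" ] || { echo "fingerprints differ" >&2; return 3; }
  echo "ok: both stores open, SHA-256 $ks_fp"
}

# Usage: export STOREPASS with the candidate password, then run
#   check_pair mdmi-keystore.jks mdmi-truststore.jks
```

The fingerprint comparison looks only at the first certificate in each store, which matches the single-entry stores shown in this thread.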