Posted to dev@nifi.apache.org by Matthew Wilson <wi...@yahoo.com.au.INVALID> on 2024/02/17 03:00:29 UTC

NiFi Manual Keystore - Generate cluster node certificate chain

Hi Devs,
Recently found that in the steps to create Manual Keystore the step 6 for "Generate cluster node certificate chain" currently shows as:
cat ca.cer nifi1.cer >nifi1.chain.cer
cat ca.cer nifi2.cer >nifi2.chain.cer

However, this creates the chain.cer files incorrectly, which generates the error:
error:05800074:x509 certificate routines:X509_check_private_key:key values mismatch:crypto/x509/x509_cmp.c:408:
when running step 8, "Generate cluster node keystore".
Correct syntax for step 6 that works is below:
cat nifi1.cer ca.cer >nifi1.chain.cer
cat nifi2.cer ca.cer >nifi2.chain.cer
Reference URL Page: https://nifi.apache.org/documentation/nifi-2.0.0-M2/html/walkthroughs.html#manual-keystore

Please review and correct documentation as appropriate. If you need more information, let me know.


Kind Regards,
Matthew Wilson
Email: wilsonmpp@yahoo.com.au

This e-mail may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorised to receive for the recipient), please contact the sender by reply e-mail and delete all copies of this message.
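
Added example (not part of the original message or of the NiFi documentation): a pre-flight check that the first certificate in a chain file belongs to the node's private key, which is the order reported above as working. The throwaway CA, the key file name nifi1.key and the file wrong.chain.cer are constructed for the demo.

```shell
#!/bin/sh
# Added example: check a chain file before building the keystore.
# `openssl x509` reads only the FIRST certificate in a PEM file, so comparing
# its public key with the private key's public key shows which order was used.

# Exit 0 when the first certificate in CHAIN carries the public key of KEY,
# 1 when it does not, 2 when either file cannot be parsed.
chain_leaf_matches_key() (
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 2
  [ "$cert_pub" = "$key_pub" ]
)

# Create a throwaway CA and one node certificate (constructed sample data),
# assemble the chain in both orders, and print the directory holding them.
make_demo_chains() (
  d=$(mktemp -d) || exit 1
  cd "$d" || exit 1
  {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.cer \
      -subj "/CN=Demo CA" -days 1 &&
    openssl req -newkey rsa:2048 -nodes -keyout nifi1.key -out nifi1.csr \
      -subj "/CN=nifi1" &&
    openssl x509 -req -in nifi1.csr -CA ca.cer -CAkey ca.key \
      -CAcreateserial -out nifi1.cer -days 1 &&
    cat ca.cer nifi1.cer > wrong.chain.cer &&   # CA first (order reported as failing)
    cat nifi1.cer ca.cer > nifi1.chain.cer      # node first (order reported as working)
  } >/dev/null 2>&1 || exit 1
  printf '%s\n' "$d"
)

# Demo on the constructed files.
demo_dir=$(make_demo_chains) || exit 1
for f in nifi1.chain.cer wrong.chain.cer; do
  if chain_leaf_matches_key "$demo_dir/$f" "$demo_dir/nifi1.key"; then
    echo "$f: first certificate matches nifi1.key"
  else
    echo "$f: first certificate does NOT match nifi1.key"
  fi
done
rm -rf "$demo_dir"
```
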

Re: NiFi Manual Keystore - Generate cluster node certificate chain

Posted by Matthew Hawkins <ha...@gmail.com>.
A reminder: I tossed up a gist over here with a Java keytool version of a
local CA with a NiFi bent:

https://gist.github.com/hawko2600/922b727634784614465b83e52ec2be52

For clusters, you just need a key per host and share them around the common
truststore.jks

Consider it Apache License 2.0.

On Mon, 19 Feb 2024, 11:04 Paul Grey, <gr...@gmail.com> wrote:

> Matthew,
>
> Thanks much for identifying this issue with the documentation.  I see the
> same error message when running step 8.  I've created a JIRA and a pull
> request to correct the documentation.
>
> https://issues.apache.org/jira/browse/NIFI-12814
> https://github.com/apache/nifi/pull/8424
>
> On Fri, Feb 16, 2024 at 10:05 PM Matthew Wilson
> <wi...@yahoo.com.au.invalid> wrote:
>
> > Hi Devs,
> > Recently found that in the steps to create Manual Keystore the step 6 for
> > "Generate cluster node certificate chain" currently shows as:
> > cat ca.cer nifi1.cer >nifi1.chain.cer
> > cat ca.cer nifi2.cer >nifi2.chain.cer
> >
> > However, this creates the chain.cer files incorrectly, which generates the error:
> > error:05800074:x509 certificate routines:X509_check_private_key:key values mismatch:crypto/x509/x509_cmp.c:408:
> > when running step 8, "Generate cluster node keystore".
> > Correct syntax for step 6 that works is below:
> > cat nifi1.cer ca.cer >nifi1.chain.cer
> > cat nifi2.cer ca.cer >nifi2.chain.cer
> > Reference URL Page:
> > https://nifi.apache.org/documentation/nifi-2.0.0-M2/html/walkthroughs.html#manual-keystore
> >
> > Please review and correct documentation as appropriate. If you need more
> > information, let me know.
> >
> >
> > Kind Regards,
> > Matthew Wilson
> > Email: wilsonmpp@yahoo.com.au
> >
> > This e-mail may contain confidential and privileged material for the sole
> > use of the intended recipient. Any review, use, distribution or disclosure
> > by others is strictly prohibited. If you are not the intended recipient (or
> > authorised to receive for the recipient), please contact the sender by
> > reply e-mail and delete all copies of this message.
>

Re: NiFi Manual Keystore - Generate cluster node certificate chain

Posted by Paul Grey <gr...@gmail.com>.
Matthew,

Thanks much for identifying this issue with the documentation.  I see the
same error message when running step 8.  I've created a JIRA and a pull
request to correct the documentation.

https://issues.apache.org/jira/browse/NIFI-12814
https://github.com/apache/nifi/pull/8424

On Fri, Feb 16, 2024 at 10:05 PM Matthew Wilson
<wi...@yahoo.com.au.invalid> wrote:

> Hi Devs,
> Recently found that in the steps to create Manual Keystore the step 6 for
> "Generate cluster node certificate chain" currently shows as:
> cat ca.cer nifi1.cer >nifi1.chain.cer
> cat ca.cer nifi2.cer >nifi2.chain.cer
>
> However, this creates the chain.cer files incorrectly, which generates the error:
> error:05800074:x509 certificate routines:X509_check_private_key:key values mismatch:crypto/x509/x509_cmp.c:408:
> when running step 8, "Generate cluster node keystore".
> Correct syntax for step 6 that works is below:
> cat nifi1.cer ca.cer >nifi1.chain.cer
> cat nifi2.cer ca.cer >nifi2.chain.cer
> Reference URL Page:
> https://nifi.apache.org/documentation/nifi-2.0.0-M2/html/walkthroughs.html#manual-keystore
>
> Please review and correct documentation as appropriate. If you need more
> information, let me know.
>
>
> Kind Regards,
> Matthew Wilson
> Email: wilsonmpp@yahoo.com.au
>
> This e-mail may contain confidential and privileged material for the sole
> use of the intended recipient. Any review, use, distribution or disclosure
> by others is strictly prohibited. If you are not the intended recipient (or
> authorised to receive for the recipient), please contact the sender by
> reply e-mail and delete all copies of this message.