You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/08/01 01:59:00 UTC
[jira] [Commented] (NIFI-5473) Add documentation for using
intermediate CA with TLS toolkit
[ https://issues.apache.org/jira/browse/NIFI-5473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16564622#comment-16564622 ]
ASF GitHub Bot commented on NIFI-5473:
--------------------------------------
Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/2927
@pepov I was able to reproduce this. I can resolve the error you get by converting the TinyCert private key from PKCS #8 PEM format to PKCS #1 PEM format (converting from a wrapper containing the DER structure to the raw RSA key). Once this is done, there is still an error because of `Error creating generating tls configuration. (certificate does not verify with supplied key)` which is basically saying that the `nifi-cert.pem` isn't signed by itself, which is to be expected. I opened [NIFI-5476](https://issues.apache.org/jira/browse/NIFI-5476) to implement this.
> Add documentation for using intermediate CA with TLS toolkit
> ------------------------------------------------------------
>
> Key: NIFI-5473
> URL: https://issues.apache.org/jira/browse/NIFI-5473
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Documentation & Website, Security, Tools and Build
> Affects Versions: 1.7.1
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Major
> Labels: certificate, documentation, security, tls, tls-toolkit
>
> With some manual work, the TLS toolkit can be used with a pre-existing certificate and private key that has been signed by an organization's certificate authority (CA) to sign toolkit-generated certificates. The Admin Guide should be improved to cover the necessary steps.
> When the separate "Security Guide" / "Toolkit Guide" is created, this content should be migrated there.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)