You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@nifi.apache.org by bmichaud <be...@optum.com> on 2017/01/25 14:42:48 UTC
Re: NiFi 1.1.1 proxy authorization error
The way I was setting up initial security was with the legacy
authorized-users.xml file. additionally, my certificate keystore.jks has
been and must be generated by a company internal tool. I have done so, and
generated a truststore file using the java keytool, adding trusted entries
for various public keys we use for our company. This has worked fine in
1.0.0 and prior versions.
The instructions from Brian Bende suggests that I use the tls toolkit to
generate keystore and truststore, but I just need to append the common
server and the three servers in my cluster. I know that all of these
servers's certificates are included in my keystore file already, so I
believe that I just need to add truststore entries.
Is the best way to do that to use a plain text PEM file and edit it with a
test editor?
--
View this message in context: http://apache-nifi-developer-list.39713.n7.nabble.com/NiFi-1-1-1-can-t-start-as-a-cluster-OverlappingFileLockException-tp14486p14518.html
Sent from the Apache NiFi Developer List mailing list archive at Nabble.com.
Re: NiFi 1.1.1 proxy authorization error
Posted by Andy LoPresto <al...@apache.org>.
Yes, you can manually construct the keystore and truststore files if you know how. The toolkit is provided as a convenience for users who do not have the experience or a dedicated security team to generate those files.
Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69
> On Jan 25, 2017, at 6:42 AM, bmichaud <be...@optum.com> wrote:
>
> The way I was setting up initial security was with the legacy
> authorized-users.xml file. additionally, my certificate keystore.jks has
> been and must be generated by a company internal tool. I have done so, and
> generated a truststore file using the java keytool, adding trusted entries
> for various public keys we use for our company. This has worked fine in
> 1.0.0 and prior versions.
>
> The instructions from Brian Bende suggests that I use the tls toolkit to
> generate keystore and truststore, but I just need to append the common
> server and the three servers in my cluster. I know that all of these
> servers's certificates are included in my keystore file already, so I
> believe that I just need to add truststore entries.
>
> Is the best way to do that to use a plain text PEM file and edit it with a
> test editor?
>
>
>
> --
> View this message in context: http://apache-nifi-developer-list.39713.n7.nabble.com/NiFi-1-1-1-can-t-start-as-a-cluster-OverlappingFileLockException-tp14486p14518.html
> Sent from the Apache NiFi Developer List mailing list archive at Nabble.com.