You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2020/04/09 15:55:36 UTC

[GitHub] [nifi] andrewmlim commented on a change in pull request #4196: NIFI-7341 Updated certificate commands and source code formatting in …

andrewmlim commented on a change in pull request #4196: NIFI-7341 Updated certificate commands and source code formatting in …
URL: https://github.com/apache/nifi/pull/4196#discussion_r406306683
 
 

 ##########
 File path: nifi-docs/src/main/asciidoc/toolkit-guide.adoc
 ##########
 @@ -1175,9 +1188,8 @@ $ ./bin/tls-toolkit.sh standalone -n 'node1.nifi.apache.org' \
   * If the DER file only contains the public certificate, use this command:
   ** `openssl x509 -inform der -in cert.der -out cert.pem`
 . To convert from a PKCS12 keystore (`keystore.p12`) containing both the public certificate and private key into PEM encoded files (`$PASSWORD` is the keystore password):
-  * `openssl pkcs12 -in keystore.p12 -out cert.der -nodes -password "pass:$PASSWORD"`
+  * `openssl pkcs12 -in keystore.p12 -nodes -clcerts -nokeys -out cert.pem  -password "pass:$PASSWORD"`
   * `openssl pkcs12 -in keystore.p12 -nodes -nocerts -out key.key -password "pass:$PASSWORD"`
-  * Follow the steps above to convert `cert.der` to `cert.pem`
 . To convert from a Java Keystore (`keystore.jks`) containing private key into PEM encoded files (`$P12_PASSWORD` is the PKCS12 keystore password, `$JKS_PASSWORD` is the Java keystore password you want to set, and `$ALIAS` can be any value -- the NiFi default is `nifi-key`):
   * `keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -srcstoretype JKS -deststoretype PKCS12 -destkeypass "$P12_PASSWORD" -deststorepass "$P12_PASSWORD" -srcstorepass "$JKS_PASSWORD" -srcalias "$ALIAS" -destalias "$ALIAS"`
   * Follow the steps above to convert from `keystore.p12` to `cert.pem` and `key.key`
 
 Review comment:
   Did you want to remove this "Follow the steps above" line as well for consistency?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services