Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Difference between TLS toolkit modes : standalone and client/server

Highlighted

Difference between TLS toolkit modes : standalone and client/server

New Contributor

Hi guys!

I setup successfully a secured Nifi server (containing one node) using tls-toolkit in standalone mode.

I'm asking the difference between tls-toolkit in standalone and client/server modes and when using each mode.

Thanks

3 REPLIES 3

Re: Difference between TLS toolkit modes : standalone and client/server

Guru

Hi @Zakaria AFKIR

The TLS Toolkit (and its different modes) is covered in the NiFi Sys Administration Guide, specifically:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#tls_generation_toolkit

There is also a helpful HCC article here:

https://community.hortonworks.com/articles/58233/using-the-tls-toolkit-to-simplify-security.html

which makes the distinction:

  • Standalone is for a one-off generation of certificates and keys
  • Client/Server allows you to run the tls toolkit as a server to sign Certificate Signing Requests from clients

Additionally, there is help available for each mode if you want to see the available commands. For example:

./bin/tls-toolkit.sh standalone -help

Re: Difference between TLS toolkit modes : standalone and client/server

New Contributor

Thanks @Andrew Lim

I see the description below:

  1. Standalone — generates the certificate authority, keystores, truststores, and nifi.properties files in one command
  2. Client/Server mode — uses a Certificate Authority Server that accepts Certificate Signing Requests from clients, signs them, and sends the resulting certificates back. Both client and server validate the other’s identity through a shared secret

Standalone and client, both generate the certificate authority, keystores, truststores. Sorry I don't see the difference.

Re: Difference between TLS toolkit modes : standalone and client/server

Guru

I updated my answer above.

Don't have an account?
Coming from Hortonworks? Activate your account here