Created 02-03-2020 08:08 PM
Hi @MattWho, one last question.
Since I have generated certs as per hostnames with proper CN & SAN,
to configure the truststore, do I need to merge the truststore.jks generated for both the hosts, or can I use one truststore for both hosts?
sh /opt/nifi-toolkit-1.9.2/bin/tls-toolkit.sh standalone -B mypasswd -C 'CN=nifiadmin, OU=NIFI' -n 'ip-10-175-12x-xx.abc.com,ip-10-175-12x-xxx.abc.com' --nifiDnPrefix 'CN=' --nifiDnSuffix ', OU=NIFI' -o /tmp/certs_divya/ -K mypasswd -P mypasswd -S mypasswd
-rw-------. 1 root root 3437 Feb 3 04:46 CN=nifiadmin_OU=NIFI.p12
-rw-------. 1 root root 29 Feb 3 04:46 CN=nifiadmin_OU=NIFI.password
drwx------. 2 root root 71 Feb 3 04:46 ip-10-175-12x-xxx.abc.com
drwx------. 2 root root 71 Feb 3 04:46 ip-10-175-12x-xxx.abc.com
-rw-------. 1 root root 1200 Feb 3 04:46 nifi-cert.pem
-rw-------. 1 root root 1675 Feb 3 04:46 nifi-key.key
Created 02-04-2020 06:47 AM
Since all your certificates have been signed by the same CA, the truststore used by all nodes only needs to contain the public cert for that one CA.
Thanks,
Matt
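The point in the answer above, as an added example (not part of the original thread and not NiFi toolkit output): a trust file holding only the CA certificate validates every node certificate that CA signed, and rejects one signed by a different CA. It assumes openssl is installed, uses a throwaway CA in place of the toolkit's nifi-cert.pem, a PEM file in place of truststore.jks, and made-up names (demo-ca, other-ca, node1/node2/rogue.example.com).

```shell
#!/bin/sh
# Constructed demo: throwaway CAs and node certs, not the toolkit's real files.
set -u

# Create a self-signed CA (stand-in for the toolkit's nifi-cert.pem / nifi-key.key).
make_ca() {  # make_ca <dir> <name>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# Issue a node certificate with matching CN and SAN, signed by the named CA.
issue_node() {  # issue_node <dir> <ca-name> <hostname>
  printf 'subjectAltName=DNS:%s\n' "$3" > "$1/$3.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/OU=NIFI/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" >/dev/null 2>&1 &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -extfile "$1/$3.ext" -out "$1/$3.pem" >/dev/null 2>&1
}

# Succeeds only if <cert> chains to a CA in <trust-file> (the truststore's role).
trusted_by() {  # trusted_by <trust-file> <cert>
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d) || return 1
  make_ca "$d" demo-ca && make_ca "$d" other-ca
  issue_node "$d" demo-ca node1.example.com
  issue_node "$d" demo-ca node2.example.com
  issue_node "$d" other-ca rogue.example.com
  # The trust file contains demo-ca only; no per-node entries are merged in.
  for c in node1 node2 rogue; do
    if trusted_by "$d/demo-ca.pem" "$d/$c.example.com.pem"; then
      echo "$c: trusted by the single-CA trust file"
    else
      echo "$c: rejected"
    fi
  done
  rm -rf "$d"
}
demo
```

The same check against real toolkit output would pass nifi-cert.pem as the trust file and a node certificate exported from that node's keystore as the certificate.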
Created 02-18-2020 07:36 PM
@MattWho really appreciate you for educating me on this. Thanks!