Solved: Re: How to Generate Certs to secure 3 node nifi cl... - Page 3

DivyaKaki · ‎02-03-2020

Hi @MattWho one last question

since i have generated certs as per hostnames with proper cn & san..

to configure truststore, do i need to merge the truststore.jks generated for both the hosts or can i use one truststore for both hosts?

sh /opt/nifi-toolkit-1.9.2/bin/tls-toolkit.sh standalone -B mypasswd -C 'CN=nifiadmin, OU=NIFI' -n 'ip-10-175-12x-xx.abc.com,ip-10-175-12x-xxx.abc.com' --nifiDnPrefix 'CN=' --nifiDnSuffix ', OU=NIFI' -o /tmp/certs_divya/ -K mypasswd -P mypasswd -S mypasswd

-rw-------. 1 root root 3437 Feb 3 04:46 CN=nifiadmin_OU=NIFI.p12
-rw-------. 1 root root 29 Feb 3 04:46 CN=nifiadmin_OU=NIFI.password
drwx------. 2 root root 71 Feb 3 04:46 ip-10-175-12x-xxx.abc.com
drwx------. 2 root root 71 Feb 3 04:46 ip-10-175-12x-xxx.abc.com
-rw-------. 1 root root 1200 Feb 3 04:46 nifi-cert.pem
-rw-------. 1 root root 1675 Feb 3 04:46 nifi-key.key

View solution in original post

MattWho · ‎02-04-2020

@DivyaKaki

Since all your certificates have been signed by the same CA, the truststore used by all nodes only needs to contain the public cert for that one CA.

Thanks,

Matt

View solution in original post

DivyaKaki · ‎02-18-2020

@MattWho really appreciate you for educating me on this. Thanks!

How to Generate Certs to secure 3 node nifi cluster and configs

Re: How to Generate Certs to secure 3 node nifi cluster and configs

Re: How to Generate Certs to secure 3 node nifi cluster and configs

Re: How to Generate Certs to secure 3 node nifi cluster and configs