Hello,
I'm trying to configure an AWS AMI as a preconfigured NiFi node which is ready to join my existing 3-node NiFi cluster.
I took an image of a working node, where I have successfully run the tls-toolkit.sh in client mode to point to one of the nodes which is running tls-toolkit in server mode. I've been able to use the toolkit on all 3 working nodes to get a secure cluster up and running.
On a new instance which was deployed using the image of the working node, I'm now trying to run the tls-toolkit in client mode to get a signed cert from the CA node (nifi-01), and am getting the following error:
root@ip-10-20-100-82:/etc/nifi/pki# bash /etc/nifi/nifi-toolkit-1.5.0/bin/tls-toolkit.sh client -c nifi-01 -t mytoken -p 10000
Service client error: null
Usage: tls-toolkit service [-h] [args]
Services:
standalone: Creates certificates and config files for nifi cluster.
server: Acts as a Certificate Authority that can be used by clients to get Certificates
client: Generates a private key and gets it signed by the certificate authority.
status: Checks the status of an HTTPS endpoint by making a GET request using a supplied keystore and truststore.
Since this is an image of a working node, everything regarding Java, JAVA_HOME, etc. is exactly the same.
I verified that this new node can resolve and connect to nifi-01 on port 10000. I used tcpdump to watch for traffic between the 2 when running the toolkit, and there is no traffic generated.
Please help!
Thanks.