Server

The CA server is invoked by running ./bin/tls-toolkit.sh server -h which prints the usage information along with descriptions of options that can be specified.

You can use the following command line options with the tls-toolkit in server mode:

-a,--keyAlgorithm <arg> Algorithm to use for generated keys (default: RSA)
--configJsonIn <arg> The place to read configuration info from (defaults to the value of configJson), implies useConfigJson if set (default: configJson value)
-d,--days <arg> Number of days issued certificate should be valid for (default: 1095)
-D,--dn <arg> The dn to use for the CA certificate (default: CN=YOUR_CA_HOSTNAME,OU=NIFI)
-f,--configJson <arg> The place to write configuration info (default: config.json)
-F,--useConfigJson Flag specifying that all configuration is read from configJson to facilitate automated use (otherwise configJson will only be written to)
-g,--differentKeyAndKeystorePasswords Use different generated password for the key and the keystore
-h,--help Print help and exit
-k,--keySize <arg> Number of bits for generated keys (default: 2048)
-p,--PORT <arg> The port for the Certificate Authority to listen on (default: 8443)
-s,--signingAlgorithm <arg> Algorithm to use for signing certificates (default: SHA256WITHRSA)
-T,--keyStoreType <arg> The type of keystores to generate (default: jks)
-t,--token <arg> The token to use to prevent MITM (required and must be same as one used by clients)

​Server

Server