Server
CA server mode is invoked by running ./bin/tls-toolkit.sh server
or
bin\tls-toolkit.sh server
.
Usage
To show help:
./bin/tls-toolkit.sh server -h
The following are available options:
-
-a
,--keyAlgorithm <arg>
Algorithm to use for generated keys (default:RSA
) -
--configJsonIn <arg>
The place to read configuration info from (defaults to the value of configJson), implies useConfigJson if set (default:configJson
value) -
-d
,--days <arg>
Number of days issued certificate should be valid for (default:825
) -
-D
,--dn <arg>
The dn to use for the CA certificate (default:CN=YOUR_CA_HOSTNAME,OU=NIFI
) -
-f
,--configJson <arg>
The place to write configuration info (default:config.json
) -
-F
,--useConfigJson
Flag specifying that all configuration is read fromconfigJson
to facilitate automated use (otherwiseconfigJson
will only be written to) -
-g
,--differentKeyAndKeystorePasswords
Use different generated password for the key and the keystore -
-h
,--help
Print help and exit -
-k
,--keySize <arg>
Number of bits for generated keys (default:2048
) -
-p
,--PORT <arg>
The port for the Certificate Authority to listen on (default:8443
) -
-s
,--signingAlgorithm <arg>
Algorithm to use for signing certificates (default:SHA256WITHRSA
) -
-T
,--keyStoreType <arg>
The type of keystores to generate (default:jks
) -
-t
,--token <arg>
The token to use to prevent MITM (required and must be same as one used by clients)