Generating Client Certificates
If you are using a CA, you can use the TLS Toolkit provided in the HDF management pack to generate the required client certificates so that you can log into NiFi after enabling SSL.
- Navigate to the TLS Toolkit directory, which will be similar
- From the command line, run the following:
bin/tls-toolkit.sh client -c <CA host name> -D "<distinguished name>" -p <CA host port> -t <NiFi CA token> -T <keystore type>
Your command should look similar to:
bin/tls-toolkit.sh client -c nifi.cert.authority.example.com -D "CN=admin, OU=NIFI" -t nifi -p 10443 -T pkcs12
- To get your keystore password,
- Verify that the installation directory contains the following two
- To launch your OS certificate management application by double-clicking your keystore file, rename keystore.pkcs12 to keystore.p12.
- Import the nifi-cert.pem file as your trusted CA.
- Import keystore.pkcs12 as the client certificate.
Re-running the TLS Toolkit generates a new set of keystore and configuration files. To avoid having your files overwritten, save the keystore and configuration files to an alternate location before re-running the TLS Toolkit.
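One way to save the files before re-running the toolkit, shown as an added example that is not part of the HDF documentation. The function name backup_tls_output and the backup directory layout are assumptions; keystore.pkcs12 and nifi-cert.pem are the file names used above, and the toolkit's configuration file is passed as an extra argument by name.

```shell
#!/bin/sh
# Added example, not HDF-provided code.
# Usage: backup_tls_output <toolkit dir> <backup root> [extra file names...]
# Copies the client keystore, the CA certificate and any named extra files
# (for example the toolkit's configuration file) into a new timestamped,
# owner-only directory and prints that directory's path.
backup_tls_output() {
    src=$1; root=$2; shift 2
    dest="$root/tls-toolkit-$(date -u +%Y%m%dT%H%M%SZ)"
    # The keystore holds the client's private key, so nothing created here
    # may be readable by group or others.
    old_umask=$(umask); umask 077
    # Plain mkdir (no -p) for the final directory: it fails rather than
    # silently merging into an existing backup.
    if ! mkdir -p "$root" || ! mkdir "$dest"; then
        umask "$old_umask"
        echo "cannot create $dest" >&2
        return 1
    fi
    copied=0
    for f in keystore.pkcs12 nifi-cert.pem "$@"; do
        [ -f "$src/$f" ] || continue
        # Copy, lock down, then compare byte-for-byte with the original
        # before the original can be overwritten by a new toolkit run.
        if cp -p "$src/$f" "$dest/$f" && chmod 600 "$dest/$f" \
            && cmp -s "$src/$f" "$dest/$f"; then
            copied=$((copied + 1))
        else
            umask "$old_umask"
            echo "backup of $f failed" >&2
            return 1
        fi
    done
    umask "$old_umask"
    if [ "$copied" -eq 0 ]; then
        rmdir "$dest"
        echo "nothing to back up in $src" >&2
        return 2
    fi
    echo "$dest"
}
```

Run it from a shell that has the function loaded, then re-run the TLS Toolkit only after it prints the backup path.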