A reminder I tossed up a gist over here with a java keytool version of a local CA with a NiFi bent:
https://gist.github.com/hawko2600/922b727634784614465b83e52ec2be52 For clusters, you just need a key per host and share them around the common truststore.jks Consider it Apache License 2.0. On Mon, 19 Feb 2024, 11:04 Paul Grey, <[email protected]> wrote: > Matthew, > > Thanks much for identifying this issue with the documentation. I see the > same error message when running step 8. I've created a JIRA and a pull > request to correct the documentation. > > https://issues.apache.org/jira/browse/NIFI-12814 > https://github.com/apache/nifi/pull/8424 > > On Fri, Feb 16, 2024 at 10:05 PM Matthew Wilson > <[email protected]> wrote: > > > Hi Devs, > > Recently found that in the steps to create Manual Keystore the step 6 for > > "Generate cluster node certificate chain" currently shows as: > > cat ca.cer nifi1.cer >nifi1.chain.cercat ca.cer nifi2.cer > >nifi2.chain.cer > > > > However this creates the chain.cer files incorrectly which generates the > > error :error:05800074:x509 certificate > routines:X509_check_private_key:key > > values mismatch:crypto/x509/x509_cmp.c:408: > > When running step 8 "Generate cluster node keystore" > > Correct syntax for step 6 that works is below: > > cat nifi1.cer ca.cer >nifi1.chain.cercat nifi2.cer ca.cer > >nifi2.chain.cer > > Reference URL Page: > > > https://nifi.apache.org/documentation/nifi-2.0.0-M2/html/walkthroughs.html#manual-keystore > > > > Please review and correct documentation as appropriate. If you need > more, > > information let me know. > > > > > > Kind Regards, > > Matthew WilsonEmail: [email protected] > > > > This e-mail may contain confidential and privileged material for the sole > > use of the intended recipient. Any review, use, distribution or > disclosure > > by others is strictly prohibited. If you are not the intended recipient > (or > > authorised to receive for the recipient), please contact the sender by > > reply e-mail and delete all copies of this message. >
