[
https://issues.apache.org/jira/browse/NIFI-5473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16564622#comment-16564622
]
ASF GitHub Bot commented on NIFI-5473:
--------------------------------------
Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/2927
@pepov I was able to reproduce this. I can resolve the error you get by
converting the TinyCert private key from PKCS #8 PEM format to PKCS #1 PEM
format (converting from a wrapper containing the DER structure to the raw RSA
key). Once this is done, there is still an error because of `Error creating
generating tls configuration. (certificate does not verify with supplied key)`
which is basically saying that the `nifi-cert.pem` isn't signed by itself,
which is to be expected. I opened
[NIFI-5476](https://issues.apache.org/jira/browse/NIFI-5476) to implement this.
> Add documentation for using intermediate CA with TLS toolkit
> ------------------------------------------------------------
>
> Key: NIFI-5473
> URL: https://issues.apache.org/jira/browse/NIFI-5473
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Documentation & Website, Security, Tools and Build
> Affects Versions: 1.7.1
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
> Priority: Major
> Labels: certificate, documentation, security, tls, tls-toolkit
>
> With some manual work, the TLS toolkit can be used with a pre-existing
> certificate and private key that has been signed by an organization's
> certificate authority (CA) to sign toolkit-generated certificates. The Admin
> Guide should be improved to cover the necessary steps.
> When the separate "Security Guide" / "Toolkit Guide" is created, this content
> should be migrated there.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
