ssummer3
11/23/2016 - 3:23 AM

Commonly used certificate and keystore commands for verifying Apache NiFi API/UI TLS mutual authentication (MA) connections.

Certificate and key commands

1. Verify connection:

$ openssl s_client -connect <host:port> -debug -state -cert <path_to_your_cert.pem> -key <path_to_your_key.pem> -CAfile <path_to_your_CA_cert.pem>

2. Export client cert from PKCS12 keystore to PEM:

$ openssl pkcs12 -in "CN=<something_you_typed>_OU=Apache NiFi.p12" -clcerts -nokeys -out client.pem # pkcs12 writes PEM directly; -nokeys keeps the private key out of the cert file

3. Export client private key from PKCS12 keystore to PEM:

$ openssl pkcs12 -in "CN=<something_you_typed>_OU=Apache NiFi.p12" -nodes -nocerts -out client.key # -nodes writes the key unencrypted

4. Export server cert from JKS keystore to PEM:

$ keytool -export -alias <your_alias> -file nifi.der -keystore <keystore.jks>
$ openssl x509 -inform der -in nifi.der -out nifi.pem
$ openssl x509 -in nifi.pem -text -noout # displays the cert
$ more nifi.pem # displays the cert in Base64

5. Export server private key from JKS keystore to PEM:

$ keytool -importkeystore -srckeystore <keystore.jks> -destkeystore keystore.p12 -deststoretype PKCS12
$ openssl pkcs12 -in keystore.p12 -nodes -nocerts -out nifi.key

6. Export CA cert from JKS keystore to PEM:

$ keytool -export -alias <your_alias> -file ca.der -keystore <truststore.jks>
$ openssl x509 -inform der -in ca.der -out ca.pem
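
Before pointing s_client at the server (step 1), it helps to confirm that the files exported in steps 2-6 actually belong together. The script below is an added example, not part of the original snippet; the function names and the script name in the usage line are assumptions, and it expects unencrypted keys as produced by the -nodes exports above.

```shell
#!/bin/sh
# Added example (not from the original snippet): sanity checks for the PEM
# files produced by steps 2-6. Function names are assumptions for illustration.
# Assumes unencrypted keys, which is what the -nodes exports above produce.

# 0 if the certificate and the private key hold the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if the certificate verifies against the exported CA certificate.
cert_chains_to_ca() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# 0 if the certificate is still within its validity period.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# 0 if only the owner can access the key file (-nodes leaves it unencrypted).
key_is_private() {
    case $(ls -ld "$1" | cut -c1-10) in
        -???------) return 0 ;;
        *) return 1 ;;
    esac
}

# Run every check, report each failure, return non-zero if any check failed.
check_tls_material() {
    cert=$1 key=$2 ca=$3 rc=0
    cert_matches_key "$cert" "$key" || { echo "FAIL: $key does not match $cert"; rc=1; }
    cert_chains_to_ca "$cert" "$ca" || { echo "FAIL: $cert is not signed by $ca"; rc=1; }
    cert_not_expired "$cert"        || { echo "FAIL: $cert is expired"; rc=1; }
    key_is_private "$key"           || { echo "FAIL: $key is accessible by group/other"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $cert, $key and $ca are consistent"
    return "$rc"
}

# Usage: sh check_tls.sh client.pem client.key ca.pem
if [ "$#" -eq 3 ]; then
    check_tls_material "$@"
fi
```

The same call works for the server side: pass nifi.pem, nifi.key and ca.pem.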