Tuesday, 11 July 2017

Create user generated keys for securing NiFi

 

 Creating the root CA and truststore:

 

  1. openssl genrsa -aes128 -out rootCA.key 4096
  2. openssl req -x509 -new -key rootCA.key -days 1095 -out rootCA.pem
  3. openssl x509 -outform der -in rootCA.pem -out rootCA.der
  4. keytool -import -keystore truststore.jks -file rootCA.der -alias rootCA
  5. keytool -v -list -keystore truststore.jks

Creating the server keystore:

 

  1. keytool -genkey -alias nifi-server1 -keyalg RSA -keystore nifi-server1.jks -keysize 2048
    Enter keystore password:
    Re-enter new password:
    What is your first and last name?
    [Unknown]: nifi
    What is the name of your organizational unit?
    [Unknown]: bigdata
    What is the name of your organization?
    [Unknown]: supranimbus
    What is the name of your City or Locality?
    [Unknown]: trichy
    What is the name of your State or Province?
    [Unknown]: TN
    What is the two-letter country code for this unit?
    [Unknown]: IN
    Is CN=nifi, OU=bigdata, O=supranimbus, L=trichy, ST=TN, C=IN correct?
    [no]: yes
    Enter key password for <nifi-server1>
    (RETURN if same as keystore password):
    Re-enter new password: 
  2. keytool -certreq -alias nifi-server1 -keystore nifi-server1.jks -file nifi-server1.csr
  3. keytool -certreq -alias nifi-server1 -ext san=dns:nifi-server1.nimbus.com,ip:127.0.0.1 -keystore nifi-server1.jks -file nifi-server1.csr
  4. openssl x509 -sha256 -req -in nifi-server1.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out nifi-server1.crt -days 730
  5. keytool -import -keystore nifi-server1.jks -file rootCA.pem
  6. keytool -import -trustcacerts -alias nifi-server1 -file nifi-server1.crt -keystore nifi-server1.jks
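
Step 4 signs the CSR with `openssl x509 -req`, which by default does not copy extensions from the request, so the SAN requested in step 3 is missing from the issued certificate unless it is supplied again at signing time. The script below is an added example, not part of the original post: it uses a throwaway CA and an openssl-generated CSR as a stand-in for the keytool steps (the file name `san.ext`, the CA subject and the 2048-bit CA key are assumptions) and signs the same CSR with and without `-extfile`.

```shell
#!/usr/bin/env bash
# Added example: throwaway CA and keys in a temp dir; openssl stands in for keytool.
# Requires OpenSSL 1.1.1 or later (for -addext).
set -eu
HOST=nifi-server1.nimbus.com        # SAN values taken from step 3 on the page
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# Root CA. The key is left unencrypted only so this runs unattended;
# the page protects rootCA.key with -aes128.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/rootCA.key" \
    -subj "/CN=example-root-ca" -days 1095 -out "$WORK/rootCA.pem" 2>/dev/null
}

# Stand-in for keytool -genkey / -certreq: a CSR that requests the SAN.
make_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/server.key" \
    -subj "/CN=nifi" -addext "subjectAltName=DNS:$HOST,IP:127.0.0.1" \
    -out "$WORK/server.csr" 2>/dev/null
}

# sign_csr OUT [EXTFILE]: the page's step 4, optionally with -extfile.
sign_csr() {
  openssl x509 -sha256 -req -in "$WORK/server.csr" -CA "$WORK/rootCA.pem" \
    -CAkey "$WORK/rootCA.key" -CAcreateserial -days 730 -out "$1" \
    ${2:+-extfile "$2"} 2>/dev/null
}

# has_san CERT: succeeds only if the certificate carries the expected DNS SAN.
has_san() { openssl x509 -in "$1" -noout -text | grep -q "DNS:$HOST"; }

# chain_ok CERT: succeeds if the certificate verifies against the root CA.
chain_ok() { openssl verify -CAfile "$WORK/rootCA.pem" "$1" >/dev/null 2>&1; }

make_ca
make_csr
printf 'subjectAltName=DNS:%s,IP:127.0.0.1\n' "$HOST" > "$WORK/san.ext"
sign_csr "$WORK/no-san.crt"                      # step 4 exactly as on the page
sign_csr "$WORK/with-san.crt" "$WORK/san.ext"    # same CSR, SAN re-supplied

for c in no-san with-san; do
  if has_san "$WORK/$c.crt"; then echo "$c.crt: SAN present"
  else echo "$c.crt: SAN MISSING"; fi
done
```

Running the same `openssl x509 -noout -text` check on `nifi-server1.crt` before importing it in step 6 shows whether the SAN made it into the signed certificate.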

Reference:

https://community.hortonworks.com/articles/17293/how-to-create-user-generated-keys-for-securing-nif.html

 
