Administration

Standalone

Standalone mode is invoked by running ./bin/tls-toolkit.sh standalone -h, which prints the usage information along with descriptions of the options that can be specified.

The most common options to specify are:

  • -n,--hostnames The comma-separated list of hostnames that you'd like to generate certificates for. It can be specified multiple times. Range and instance patterns are supported. See below for details.

  • -C,--clientCertDn The DN that you'd like to generate a client certificate for. It can be specified multiple times.

  • -f,--nifiPropertiesFile The base nifi.properties file that the tool will update for each host.

  • -o,--outputDirectory The directory to use for the resulting Certificate Authority files and NiFi configurations. A subdirectory will be made for each host.

Hostname Patterns:

  • Square brackets can be used in order to easily specify a range of hostnames. Example: [01-20]

  • Parentheses can be used in order to specify that more than one NiFi instance will run on the given host(s). Example: (5)

Examples:

Create 4 sets of keystore, truststore, nifi.properties for localhost along with a client certificate with the given DN:

bin/tls-toolkit.sh standalone -n 'localhost(4)' -C 'CN=username,OU=NIFI'

Create keystore, truststore, nifi.properties for 10 NiFi hostnames in each of 4 subdomains:

bin/tls-toolkit.sh standalone -n 'nifi[01-10].subdomain[1-4].domain'

Create 2 sets of keystore, truststore, nifi.properties for 10 NiFi hostnames in each of 4 subdomains along with a client certificate with the given DN:

bin/tls-toolkit.sh standalone -n 'nifi[01-10].subdomain[1-4].domain(2)' -C 'CN=username,OU=NIFI'
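Because every hostname a pattern expands to receives a certificate signed by the generated CA, it is worth previewing the expansion before running the tool. The following is an added example, not the toolkit's own parser: the function names are hypothetical, and it assumes that zero-padding follows the width of the range's lower bound and that a trailing (N) applies to every hostname in the pattern.

```python
import itertools
import re

RANGE = re.compile(r"\[(\d+)-(\d+)\]")      # e.g. [01-20]
INSTANCES = re.compile(r"\((\d+)\)$")       # e.g. (5), only at the end
HOSTNAME = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?")


def expand_pattern(pattern):
    """Expand one -n pattern into (hostnames, instances_per_host)."""
    instances = 1
    m = INSTANCES.search(pattern)
    if m:
        instances = int(m.group(1))
        pattern = pattern[:m.start()]
    if instances < 1:
        raise ValueError(f"instance count must be >= 1: {pattern!r}")
    parts, pos = [], 0
    for m in RANGE.finditer(pattern):
        lo, hi = m.group(1), m.group(2)
        if int(lo) > int(hi):
            raise ValueError(f"empty range [{lo}-{hi}]")
        width = len(lo)  # assumption: padding follows the lower bound
        parts.append([pattern[pos:m.start()]])
        parts.append([f"{n:0{width}d}" for n in range(int(lo), int(hi) + 1)])
        pos = m.end()
    parts.append([pattern[pos:]])
    hosts = ["".join(p) for p in itertools.product(*parts)]
    # Leftover brackets or parentheses mean the pattern was malformed.
    for host in hosts:
        if not HOSTNAME.fullmatch(host):
            raise ValueError(f"malformed pattern, got hostname {host!r}")
    return hosts, instances


def expand_hostnames(arg):
    """Expand a full comma-separated -n value into (hostname, instances) pairs."""
    pairs = []
    for pattern in arg.split(","):
        hosts, instances = expand_pattern(pattern.strip())
        pairs.extend((h, instances) for h in hosts)
    return pairs


if __name__ == "__main__":
    for value in ("localhost(4)", "nifi[01-10].subdomain[1-4].domain(2)"):
        pairs = expand_hostnames(value)
        print(value, "->", len(pairs), "hosts,", sum(n for _, n in pairs), "sets")
```

Reviewing the expanded list against the intended inventory catches a mistyped range before keystores are issued for hosts that should not have them.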