Also available as:
loading table of contents...

The CA server is invoked by running ./bin/ server -h which prints the usage information along with descriptions of options that can be specified.

You can use the following command line options with the tls-toolkit in server mode:

  • -a,--keyAlgorithm <arg> Algorithm to use for generated keys (default: RSA)

  • --configJsonIn <arg> The place to read configuration info from (defaults to the value of configJson), implies useConfigJson if set (default: configJson value)

  • -d,--days <arg> Number of days issued certificate should be valid for (default: 1095)

  • -D,--dn <arg> The dn to use for the CA certificate (default: CN=YOUR_CA_HOSTNAME,OU=NIFI)

  • -f,--configJson <arg> The place to write configuration info (default: config.json)

  • -F,--useConfigJson Flag specifying that all configuration is read from configJson to facilitate automated use (otherwise configJson will only be written to)

  • -g,--differentKeyAndKeystorePasswords Use different generated password for the key and the keystore

  • -h,--help Print help and exit

  • -k,--keySize <arg> Number of bits for generated keys (default: 2048)

  • -p,--PORT <arg> The port for the Certificate Authority to listen on (default: 8443)

  • -s,--signingAlgorithm <arg> Algorithm to use for signing certificates (default: SHA256WITHRSA)

  • -T,--keyStoreType <arg> The type of keystores to generate (default: jks)

  • -t,--token <arg> The token to use to prevent MITM (required and must be same as one used by clients)