我正在配置 KNOX SSO 以保护 NiFi遵循此文档,并在请求证书令牌不符合 16 字节的最小大小时出错。
root@hadoop:/home/knox# /home/hadoop/nifi/config/nifi-toolkit/bin/tls-toolkit.sh client --subjectAlternativeNames "CN=hostname.org, OU=KNOX" -F -f /home/knox/nifi-ca-config.json
2019/09/25 14:14:17 INFO [main] org.apache.nifi.toolkit.tls.service.client.TlsCertificateAuthorityClient: Requesting new certificate from cityhub.bigdatacenter.org:10443
Service client error: java.security.GeneralSecurityException: Token does not meet minimum size of 16 bytes.
Usage: tls-toolkit service [-h] [args]
Services:
standalone: Creates certificates and config files for nifi cluster.
server: Acts as a Certificate Authority that can be used by clients to get Certificates
client: Generates a private key and gets it signed by the certificate authority.
status: Checks the status of an HTTPS endpoint by making a GET request using a supplied keystore and truststore.
这是 /home/knox/nifi-ca-config.json 的内容
{
"dn" : "CN=hostname.org, OU=KNOX",
"domainAlternativeNames" : null,
"keyStore" : "/home/knox/knox-nifi-keystore.jks",
"keyStoreType" : "jks",
"keyStorePassword" : "admin",
"keyPassword" : "admin",
"token" : "token",
"caHostname" : "hostname.org",
"port" : 10443,
"dnPrefix" : "CN=",
"dnSuffix" : ", OU=NIFI",
"reorderDn" : true,
"trustStore" : "/home/knox/knox-nifi-truststore.jks",
"trustStorePassword" : "admin",
"trustStoreType" : "jks"
}