0

我正在配置 KNOX SSO 以保护 NiFi遵循此文档,并在请求证书令牌不符合 16 字节的最小大小时出错。

root@hadoop:/home/knox# /home/hadoop/nifi/config/nifi-toolkit/bin/tls-toolkit.sh client --subjectAlternativeNames "CN=hostname.org, OU=KNOX" -F -f /home/knox/nifi-ca-config.json
2019/09/25 14:14:17 INFO [main] org.apache.nifi.toolkit.tls.service.client.TlsCertificateAuthorityClient: Requesting new certificate from cityhub.bigdatacenter.org:10443
Service client error: java.security.GeneralSecurityException: Token does not meet minimum size of 16 bytes.

Usage: tls-toolkit service [-h] [args]

Services:
   standalone: Creates certificates and config files for nifi cluster.
   server: Acts as a Certificate Authority that can be used by clients to get Certificates
   client: Generates a private key and gets it signed by the certificate authority.
   status: Checks the status of an HTTPS endpoint by making a GET request using a supplied keystore and truststore.

这是 /home/knox/nifi-ca-config.json 的内容

{
  "dn" : "CN=hostname.org, OU=KNOX",
  "domainAlternativeNames" : null,
  "keyStore" : "/home/knox/knox-nifi-keystore.jks",
  "keyStoreType" : "jks",
  "keyStorePassword" : "admin",
  "keyPassword" : "admin",
  "token" : "token",
  "caHostname" : "hostname.org",
  "port" : 10443,
  "dnPrefix" : "CN=",
  "dnSuffix" : ", OU=NIFI",
  "reorderDn" : true,
  "trustStore" : "/home/knox/knox-nifi-truststore.jks",
  "trustStorePassword" : "admin",
  "trustStoreType" : "jks"
}
4

1 回答 1

1

错误消息显示“令牌不满足 16 字节的最小大小”。所以您可能需要将配置 json 中的令牌字段更改为 16 个字符,现在您只有“令牌”。

于 2019-09-25T13:17:05.960 回答