The integration tests that run a secure NiFi require keystores and truststores for the server and client in order to establish a two-way TLS connection.
The keys/certs for these tests were generated with the tls-toolkit included with NiFi Toolkit v1.4.0.
The steps for generating replacements are:
# use NiFi tls-toolkit to generate CA, server key/cert, client key/cert ./nifi-toolkit-1.4.0/bin/tls-toolkit.sh standalone --certificateAuthorityHostname localhost --hostnames localhost --nifiDnSuffix ", OU=nifi" --keyStorePassword localhostKeystorePassword --trustStorePassword localhostTruststorePassword --clientCertDn "CN=user1, OU=nifi" --clientCertPassword u1Pass --days 3650 --outputDirectory nifireg-integrationtest # change to tls-toolkit output directory cd ./nifireg-integrationtest # copy server's key/trust stores mkdir keys cp localhost/keystore.jks keys/localhost-ks.jks cp localhost/truststore.jks keys/localhost-ts.jks # create a Java Key Store (JKS) from the client key keytool -importkeystore -destkeystore keys/client-ks.jks -deststorepass clientKeystorePassword -destkeypass u1Pass -srckeystore CN=user1_OU=nifi.p12 -srcstorepass u1Pass -srcstoretype PKCS12
You should now have a directory with the following contents:
keys/ +-- client-ks.jks # client keystore: keystorePass=clientKeystorePassword, keyPass=u1Pass +-- localhost-ks.jks # server keystore: keystorePass=localhostKeystorePassword, keyPass=localhostKeystorePassword +-- localhost-ts.jks # server/client truststore (contains CA): truststorePass=localhostTruststorePassword
Copy these files to the test/resources/keys/ directory.