0

I was configuring KNOX SSO to secure NiFi follow this document and got an error when requesting certificate Token does not meet minimum size of 16 bytes.

root@hadoop:/home/knox# /home/hadoop/nifi/config/nifi-toolkit/bin/tls-toolkit.sh client --subjectAlternativeNames "CN=hostname.org, OU=KNOX" -F -f /home/knox/nifi-ca-config.json
2019/09/25 14:14:17 INFO [main] org.apache.nifi.toolkit.tls.service.client.TlsCertificateAuthorityClient: Requesting new certificate from cityhub.bigdatacenter.org:10443
Service client error: java.security.GeneralSecurityException: Token does not meet minimum size of 16 bytes.

Usage: tls-toolkit service [-h] [args]

Services:
   standalone: Creates certificates and config files for nifi cluster.
   server: Acts as a Certificate Authority that can be used by clients to get Certificates
   client: Generates a private key and gets it signed by the certificate authority.
   status: Checks the status of an HTTPS endpoint by making a GET request using a supplied keystore and truststore.

This is the content of /home/knox/nifi-ca-config.json

{
  "dn" : "CN=hostname.org, OU=KNOX",
  "domainAlternativeNames" : null,
  "keyStore" : "/home/knox/knox-nifi-keystore.jks",
  "keyStoreType" : "jks",
  "keyStorePassword" : "admin",
  "keyPassword" : "admin",
  "token" : "token",
  "caHostname" : "hostname.org",
  "port" : 10443,
  "dnPrefix" : "CN=",
  "dnSuffix" : ", OU=NIFI",
  "reorderDn" : true,
  "trustStore" : "/home/knox/knox-nifi-truststore.jks",
  "trustStorePassword" : "admin",
  "trustStoreType" : "jks"
}
Chhaileng
  • 2,428
  • 1
  • 27
  • 24

1 Answers1

1

The error message says "Token does not meet minimum size of 16 bytes." so you probably need to change the token field in your config json to be 16 characters, right now you have just "token".

Bryan Bende
  • 18,320
  • 1
  • 28
  • 39