
Error converting AWS exported private key to PKCS12: unable to load private key


I am trying to set up secure NiFi on HTTPS. For that I exported a certificate from AWS ACM and am following the document below to get the pkcs12, keystore.jks and truststore.jks formats.

https://community.cloudera.com/t5/Support-Questions/NIFI-SSL-how-to-use-registered-certificates-not-self-signed/td-p/214397

When I run the command below, it asks for the password. I provided the password that I set at the time of exporting the file, but it still says unable to load private key.

[vagrant@vagrant nifi-toolkit-1.11.4]$ openssl pkcs12 -export -out keystore.p12 -in private-key.txt
unable to load private key

Can someone suggest how to use an AWS certificate in NiFi?


Solution

  • The ACM certificate export provides the following files:

    1. Certificate.txt
    2. Certificate_chain.txt
    3. private_key.txt

    For NiFi you need three files:

    1. key.p12
    2. keystore.jks
    3. truststore.jks

    Use the following commands to get the p12 and JKS files:

    1. cat private_key.txt > server.pem
    2. cat Certificate.txt >> server.pem
    3. openssl pkcs12 -export -out key.p12 -in server.pem
    4. keytool -v -importkeystore -srckeystore key.p12 -srcstoretype PKCS12 -destkeystore keystore.jks -deststoretype JKS
    5. keytool -import -v -trustcacerts -alias domain_ca -file Certificate_chain.txt -keystore truststore.jks

    Note: provide the password specified at the time of downloading the certificate.
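
A pre-flight check for steps 1-3 above, as an added example that is not part of the original answer: it confirms that the passphrase decrypts the exported key and that the key matches the certificate before building key.p12. The function names, the KEY_PASS and P12_PASS environment variables and the throwaway sample certificate are assumptions made for this example; the keytool steps are unchanged.

```shell
#!/bin/sh
# Added example (not from the original answer).
# KEY_PASS = passphrase set when exporting from ACM (assumed variable name)
# P12_PASS = passphrase for the new PKCS12 file    (assumed variable name)
# Reading passphrases from the environment keeps them off the command line.

make_p12() {
    key=$1; cert=$2; out=$3
    # 1. Does the supplied passphrase decrypt the private key?
    key_pub=$(openssl pkey -in "$key" -passin env:KEY_PASS -pubout 2>/dev/null) || {
        echo "cannot load $key: wrong passphrase or unsupported key format" >&2
        return 2
    }
    # 2. Is the certificate readable?
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate $cert" >&2
        return 3
    }
    # 3. Do key and certificate carry the same public key?
    [ "$key_pub" = "$cert_pub" ] || {
        echo "certificate $cert does not match private key $key" >&2
        return 4
    }
    # 4. Same bundle as steps 1-3 of the answer, without leaving a combined
    #    server.pem on disk; the subshell keeps the umask change local.
    ( umask 077
      openssl pkcs12 -export -inkey "$key" -in "$cert" -out "$out" \
          -passin env:KEY_PASS -passout env:P12_PASS )
}

# Constructed throwaway key and self-signed certificate standing in for the
# ACM export files, so the check can be tried without real key material.
make_sample() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -days 1 -subj "/CN=nifi.example.test" \
        -keyout "$dir/private_key.txt" -out "$dir/Certificate.txt" \
        -passout env:KEY_PASS 2>/dev/null
}

# Usage with the real export files:
#   export KEY_PASS P12_PASS   # set these first, e.g. with `read -r`
#   make_p12 private_key.txt Certificate.txt key.p12
```

A return code of 2 corresponds to the "unable to load private key" failure in the question, and 4 means the key and certificate files come from different exports.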