Certificate and key commands
$ openssl s_client -connect < host:port> -debug -state -cert < path_to_your_cert.pem> -key < path_to_your_key.pem> -CAfile < path_to_your_CA_cert.pem>
2. Export client cert from PKCS12 keystore to PEM:
$ openssl pkcs12 -in CN=< something_you_typed> _OU=Apache NiFi.p12 -out client.der -nodes
$ openssl x509 -inform der -in client.der -out client.pem
3. Export client private key from PKCS12 keystore to PEM:
$ openssl pkcs12 -in CN=< something_you_typed> _OU=Apache NiFi.p12 -nodes -nocerts -out client.key
4. Export server cert from JKS keystore to PEM:
$ keytool -export -alias < your_alias> -file nifi.der -keystore < keystore.jks>
$ openssl x509 -inform der -in nifi.der -out nifi.pem
$ openssl x509 -in nifi.pem -text -noout # displays the cert
$ more nifi.pem # displays the cert in Base64
5. Export server private key from JKS keystore to PEM:
$ keytool -importkeystore -srckeystore < keystore.jks> -destkeystore keystore.p12 -deststoretype PKCS12
$ openssl pkcs12 -in keystore.p12 -nodes -nocerts -out nifi.key
6. Export CA cert from JKS keystore to PEM:
$ keytool -export -alias < your_alias> -file ca.der -keystore < truststore.jks>
$ openssl x509 -inform der -in ca.der -out ca.pem