You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/03/01 07:38:28 UTC

[GitHub] [apisix] zhukexingkong edited a comment on issue #6429: request help: A TLS API is routed, but the Client Key is different from the original one

zhukexingkong edited a comment on issue #6429:
URL: https://github.com/apache/apisix/issues/6429#issuecomment-1055048279


   @tzssangglass 
   1. This is the client key, I accessed the local service directly in the browser, which can do TLS authentication, but failed in APISIX.
   2. I created upstream and then used upstream's ID for TLS creation, 
   command: python ./patch_upstream_mtls.py 396921614249231056 ./client.pem ./client.key
   return:
   {"error_msg":"failed to decrypt previous encrypted key"}
   
   APISIX error.log:
   2022/03/01 07:36:21 [error] 3002#3002: *198878674 [lua] ssl.lua:92: aes_decrypt_pkey(): base64 decode ssl key failed. key[Bag Attributes
       friendlyName: client
       localKeyID: 54 69 6D 65 20 31 36 34 36 31 31 38 36 33 35 38 32 31 
   Key Attributes: <No Attributes>
   -----BEGIN PRIVATE KEY-----
   MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCBBpcYtLxaxFBS
   UE4qoiTUFLo9ESdstDSQe7VUl4xurowcoLnADvQda1C+TSdZcfFM/wyMBy6IG+EH
   zaFeYvgJbbyBErOtBAfNfCigRYHbDVJVxg3Nyau2dwd9DjDnNXrOlkqwyTg0MJeo
   sg/pDY7FLlXIg7/Sv9+oKgDBTCkBFC3oFd1s29xfYSfdqekgMBu/h6rM03NGphGw
   q/TUQQMpFY+3b5cuHU2i55C5L0Ound/Hffp9pOCnS8LZE3v4DZxPfD6XcniXYM92
   93IO6zWI6bFOow2z/EcIFJxVfVY6RKr5m/ly+3NY2gbWDsCHhkHnZgTMdJ0jU79f
   18BrhywhAgMBAAECggEAW7NFXAfH/nKb64SrqV1H83svygsRDA8fdLiXbaGv61Ie
   vpH0sm1uTiJhZn8LQmTa7LAwSK0qAw5dZuBcmeqZAop9ePbDwGmm6gIeFZqQ6hCT
   veZfFS0J30rFhbm6Q/kcaQsj1nWMfnsyrnCvIiHCoJ2H1lTc1noMCUag9sCcO+kL
   SAUGu0KA2EtIJMWfDjXcHMKcoRC4nwysCAjMVZ0C0QlwL1VGPzdgGCLAt4E8xJyB
   VA+x59rTuMPAQM0xk5mUgJlA3iwNmdu3vKlBN3iV4YlJeFmxokpe8pytOACzGsfY
   akbicVY9lZaNHchLW8jkhM9ARe2gX8ndRs29alwOyQKBgQC2oHf38bAm7jaVYm4W
   HP5is/ZPC0JwXb4OVR5rfHzhuDDN32Np5XniMbdQAgy9unppY89XuOdG/MQ98Ded
   /Vj8zZjiKMrl8hs+P30hLs1wvwf5yDt0u8G6vLMLt4BZwNecZuByjVBA3pXAdMQn
   KE4GsWkbvwiv1q1QHxqsSiV4xwKBgQC03SS++TZ7C+eHFQGnZVm+e6Q2rkoc14gF
   tMMOWPqYXdeuPYrmCjQ/SeiF9Fy/f8+Ul9iX+f6OYRe19Es9OS30pyGlfYWprMtS
   7qMkXRP3lVqgdxMy2ePP1joi682i4Pq4I9Ls9aXWv2hZCwyHvWaB3DFnWP6KcBDp
   SS+jquBb1wKBgQCLVXjSWbpMqXhJlvRouKw5ABaPDgcdldfYNYbk+PCKgi3yFFpT
   w/mu4sF6MGYqJukYGUdrJS6HEXhjzS+RwWYwUmgvPHI45/NzFZtRQtUJDSZ3oxYB
   pPJUl31/Ffy9/YxCzpa1ry0ooOneEPhK68xD/P01ZxWomoBWXbTK+DMIpwKBgQCF
   iZIL/u0exJdZwUTLV6V/YsLILL9DtE8WB3TNLx03SnJoj7/yQS56XBN2dAnWyoN1
   bvfYnhg4/68GBS1YMtOfg5bwHVGHCbHFtbR2sNKBRqD3QXPHY+E0HzQlfH0D+aCk
   PK8LjgO4HvLoa6QAxPLehrljWO33QO77j7HA4fVtWQKBgASiriIlYFcJKqs2q+OH
   fKGmzxDyM4Cq5+IkmcyjwoGWgt8CZR0YaiJgPt/CMviS0KlT3Pzp/SQdsZf/MiEX
   zENi+e0YeRW8+MYfKB6Jox2616oOV/SxWCWSfNE54llnmk+MMam49PtYTV3nrRPa
   Yl+YJnXe14Lmg8Z22tojoXj1
   -----END PRIVATE KEY-----
   ] , client: 127.0.0.1, server: _, request: "PATCH /apisix/admin/upstreams/396932008539849406 HTTP/1.1", host: "127.0.0.1:9080"
   
   3.Why is the key and certificate correct, but APISIX reports an error?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org