You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/03/01 07:38:28 UTC
[GitHub] [apisix] zhukexingkong edited a comment on issue #6429: request help: A TLS API is routed, but the Client Key is different from the original one
zhukexingkong edited a comment on issue #6429:
URL: https://github.com/apache/apisix/issues/6429#issuecomment-1055048279
@tzssangglass
1. This is the client key, I accessed the local service directly in the browser, which can do TLS authentication, but failed in APISIX.
2. I created upstream and then used upstream's ID for TLS creation,
command: python ./patch_upstream_mtls.py 396921614249231056 ./client.pem ./client.key
return:
{"error_msg":"failed to decrypt previous encrypted key"}
APISIX error.log:
2022/03/01 07:36:21 [error] 3002#3002: *198878674 [lua] ssl.lua:92: aes_decrypt_pkey(): base64 decode ssl key failed. key[Bag Attributes
friendlyName: client
localKeyID: 54 69 6D 65 20 31 36 34 36 31 31 38 36 33 35 38 32 31
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCBBpcYtLxaxFBS
UE4qoiTUFLo9ESdstDSQe7VUl4xurowcoLnADvQda1C+TSdZcfFM/wyMBy6IG+EH
zaFeYvgJbbyBErOtBAfNfCigRYHbDVJVxg3Nyau2dwd9DjDnNXrOlkqwyTg0MJeo
sg/pDY7FLlXIg7/Sv9+oKgDBTCkBFC3oFd1s29xfYSfdqekgMBu/h6rM03NGphGw
q/TUQQMpFY+3b5cuHU2i55C5L0Ound/Hffp9pOCnS8LZE3v4DZxPfD6XcniXYM92
93IO6zWI6bFOow2z/EcIFJxVfVY6RKr5m/ly+3NY2gbWDsCHhkHnZgTMdJ0jU79f
18BrhywhAgMBAAECggEAW7NFXAfH/nKb64SrqV1H83svygsRDA8fdLiXbaGv61Ie
vpH0sm1uTiJhZn8LQmTa7LAwSK0qAw5dZuBcmeqZAop9ePbDwGmm6gIeFZqQ6hCT
veZfFS0J30rFhbm6Q/kcaQsj1nWMfnsyrnCvIiHCoJ2H1lTc1noMCUag9sCcO+kL
SAUGu0KA2EtIJMWfDjXcHMKcoRC4nwysCAjMVZ0C0QlwL1VGPzdgGCLAt4E8xJyB
VA+x59rTuMPAQM0xk5mUgJlA3iwNmdu3vKlBN3iV4YlJeFmxokpe8pytOACzGsfY
akbicVY9lZaNHchLW8jkhM9ARe2gX8ndRs29alwOyQKBgQC2oHf38bAm7jaVYm4W
HP5is/ZPC0JwXb4OVR5rfHzhuDDN32Np5XniMbdQAgy9unppY89XuOdG/MQ98Ded
/Vj8zZjiKMrl8hs+P30hLs1wvwf5yDt0u8G6vLMLt4BZwNecZuByjVBA3pXAdMQn
KE4GsWkbvwiv1q1QHxqsSiV4xwKBgQC03SS++TZ7C+eHFQGnZVm+e6Q2rkoc14gF
tMMOWPqYXdeuPYrmCjQ/SeiF9Fy/f8+Ul9iX+f6OYRe19Es9OS30pyGlfYWprMtS
7qMkXRP3lVqgdxMy2ePP1joi682i4Pq4I9Ls9aXWv2hZCwyHvWaB3DFnWP6KcBDp
SS+jquBb1wKBgQCLVXjSWbpMqXhJlvRouKw5ABaPDgcdldfYNYbk+PCKgi3yFFpT
w/mu4sF6MGYqJukYGUdrJS6HEXhjzS+RwWYwUmgvPHI45/NzFZtRQtUJDSZ3oxYB
pPJUl31/Ffy9/YxCzpa1ry0ooOneEPhK68xD/P01ZxWomoBWXbTK+DMIpwKBgQCF
iZIL/u0exJdZwUTLV6V/YsLILL9DtE8WB3TNLx03SnJoj7/yQS56XBN2dAnWyoN1
bvfYnhg4/68GBS1YMtOfg5bwHVGHCbHFtbR2sNKBRqD3QXPHY+E0HzQlfH0D+aCk
PK8LjgO4HvLoa6QAxPLehrljWO33QO77j7HA4fVtWQKBgASiriIlYFcJKqs2q+OH
fKGmzxDyM4Cq5+IkmcyjwoGWgt8CZR0YaiJgPt/CMviS0KlT3Pzp/SQdsZf/MiEX
zENi+e0YeRW8+MYfKB6Jox2616oOV/SxWCWSfNE54llnmk+MMam49PtYTV3nrRPa
Yl+YJnXe14Lmg8Z22tojoXj1
-----END PRIVATE KEY-----
] , client: 127.0.0.1, server: _, request: "PATCH /apisix/admin/upstreams/396932008539849406 HTTP/1.1", host: "127.0.0.1:9080"
3.Why is the key and certificate correct, but APISIX reports an error?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org