Posted to dev@rocketmq.apache.org by GitBox <gi...@apache.org> on 2022/03/30 07:07:19 UTC

[GitHub] [rocketmq] chris-joys opened a new issue #4067: When configuring TLS, the error "Input stream does not contain valid private key." occurs. Is there any TLS configuration documentation?

chris-joys opened a new issue #4067:
URL: https://github.com/apache/rocketmq/issues/4067


   After generating the certificate files and configuring them, I got the following error:
   java.lang.IllegalArgumentException: Input stream does not contain valid private key.
   
   The certificate generation process followed this document:
   https://segmentfault.com/a/1190000010040134%E8%87%AA%E7%AD%BE%E8%AF%81%E4%B9%A6%E3%80%82
   
   The certificate configuration on the server is as follows:
   # The flag to determine whether use test mode when initialize TLS context. default is true
   tls.test.mode.enable=true
   # Indicates how SSL engine respect to client authentication, default is none
   tls.server.need.client.auth=require
   # The store path of server-side private key
   tls.server.keyPath=/app/rocketmq/sslfiles/pkcs8_server.key
   # The password of the server-side private key
   tls.server.keyPassword=1234
   # The store path of server-side X.509 certificate chain in PEM format    
   tls.server.certPath=/app/rocketmq/sslfiles/server.crt
   # To determine whether verify the client endpoint's certificate strictly. default is false
   tls.server.authClient=true
   # The store path of trusted certificates for verifying the client endpoint's certificate
   tls.server.trustCertPath=/app/rocketmq/sslfiles/ca.crt
   # The store path of client-side private key
   tls.client.keyPath=/app/rocketmq/sslfiles/pkcs8_client.key
   # The password of the client-side private key
   tls.client.keyPassword=1234
   # The store path of client-side X.509 certificate chain in PEM format
   tls.client.certPath=/app/rocketmq/sslfiles/client.crt
   # To determine whether verify the server endpoint's certificate strictly
   tls.client.authServer=true
   # The store path of trusted certificates for verifying the server endpoint's certificate
   tls.client.trustCertPath=/app/rocketmq/sslfiles/ca.crt
   
   The configuration on the client is as follows:
   # The store path of client-side private key
   tls.client.keyPath=C:\\tools\\tempData\\rocketMQTLS\\pkcs8_client.key 
   # The password of the client-side private key
   tls.client.keyPassword=1234
   # The store path of client-side X.509 certificate chain in PEM format
   tls.client.certPath=C:\\tools\\tempData\\rocketMQTLS\\client.crt
   # To determine whether verify the server endpoint's certificate strictly
   tls.client.authServer=true
   # The store path of trusted certificates for verifying the server endpoint's certificate
   tls.client.trustCertPath=C:\\tools\\tempData\\rocketMQTLS\\ca.crt
   
   The error that occurs when the client connects to the server is as follows:
   Exception in thread "main" java.lang.IllegalArgumentException: Input stream does not contain valid private key.
   	at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:293)
   	at org.apache.rocketmq.remoting.netty.TlsHelper.buildSslContext(TlsHelper.java:126)
   	at org.apache.rocketmq.remoting.netty.NettyRemotingClient.<init>(NettyRemotingClient.java:133)
   	at org.apache.rocketmq.client.impl.MQClientAPIImpl.<init>(MQClientAPIImpl.java:188)
   	at org.apache.rocketmq.client.impl.factory.MQClientInstance.<init>(MQClientInstance.java:133)
   	at org.apache.rocketmq.client.impl.MQClientManager.getOrCreateMQClientInstance(MQClientManager.java:52)
   	at org.apache.rocketmq.client.impl.producer.DefaultMQProducerImpl.start(DefaultMQProducerImpl.java:202)
   	at org.apache.rocketmq.client.impl.producer.DefaultMQProducerImpl.start(DefaultMQProducerImpl.java:188)
   	at org.apache.rocketmq.client.producer.DefaultMQProducer.start(DefaultMQProducer.java:277)
   	at ext.saicgmac.basic.AclProducer.main(AclProducer.java:18)
   Caused by: java.io.IOException: overrun, bytes = 613
   	at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:92)
   	at io.netty.handler.ssl.SslContext.generateKeySpec(SslContext.java:978)
   	at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1034)
   	at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1024)
   	at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:291)
   	... 9 more
   
   Are there any requirements for how the certificates are generated, or is there something wrong with my configuration?


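The trace above fails inside `javax.crypto.EncryptedPrivateKeyInfo.<init>` with `overrun, bytes = 613`, so the key bytes were parsed as an encrypted PKCS#8 structure. As an added example (not part of the issue, and not RocketMQ or Netty code), this Python check classifies a PEM key by its DER layout and flags a mismatch with the configured key password. Assumptions: the loader takes the encrypted-key path whenever a password is set and expects PKCS#8; `check_key`, `classify_der`, `to_pem` and the sample byte strings are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                     # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def classify_der(der):
    """Return (kind, leftover): leftover = bytes remaining after the first two elements."""
    tag, start, end = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    t1, _, e1 = read_tlv(der, start)
    t2, _, e2 = read_tlv(der, e1)
    kinds = {(0x30, 0x04): "pkcs8-encrypted",   # AlgorithmIdentifier, OCTET STRING
             (0x02, 0x30): "pkcs8-plain",       # version, AlgorithmIdentifier, OCTET STRING
             (0x02, 0x02): "pkcs1-rsa"}         # version, modulus, ...
    return kinds.get((t1, t2), "unknown"), end - e2

def check_key(pem_text, password_configured):
    """Say whether the key encoding matches the presence of a configured key password."""
    m = PEM_RE.search(pem_text)
    if m is None:
        return "no PEM private key block"
    kind, leftover = classify_der(base64.b64decode("".join(m.group(2).split())))
    if kind == "pkcs1-rsa":                # assumption: the loader wants PKCS#8
        return "PKCS#1 key: convert to PKCS#8 first"
    if kind == "pkcs8-plain" and password_configured:
        return f"unencrypted PKCS#8 but a password is set ({leftover} bytes left over)"
    if kind == "pkcs8-encrypted" and not password_configured:
        return "encrypted PKCS#8 but no password is set"
    return f"ok: {kind}"

# Constructed samples (dummy 16-byte payloads, not real keys); lengths stay below 128.
_tlv = lambda tag, val: bytes([tag, len(val)]) + val
_ALG = _tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))
SAMPLE_PLAIN = _tlv(0x30, _tlv(0x02, b"\x00") + _ALG + _tlv(0x04, bytes(16)))
SAMPLE_ENCRYPTED = _tlv(0x30, _ALG + _tlv(0x04, bytes(16)))

def to_pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"
```

For an unencrypted PKCS#8 key, the leftover count is the size of the trailing OCTET STRING that a two-element reader never consumes, which is the kind of number an `overrun, bytes = N` message reports.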