Posted to dev@rocketmq.apache.org by GitBox <gi...@apache.org> on 2022/03/30 07:07:19 UTC
[GitHub] [rocketmq] chris-joys opened a new issue #4067: When configuring TLS, the error "Input stream does not contain valid private key." occurs. Is there any TLS configuration documentation?
chris-joys opened a new issue #4067:
URL: https://github.com/apache/rocketmq/issues/4067
After generating the certificate files and configuring them, I got the following error:
java.lang.IllegalArgumentException: Input stream does not contain valid private key.
I followed this document when generating the certificates:
https://segmentfault.com/a/1190000010040134%E8%87%AA%E7%AD%BE%E8%AF%81%E4%B9%A6%E3%80%82
The certificates are configured on the server as follows:
# The flag to determine whether use test mode when initialize TLS context. default is true
tls.test.mode.enable=true
# Indicates how SSL engine respect to client authentication, default is none
tls.server.need.client.auth=require
# The store path of server-side private key
tls.server.keyPath=/app/rocketmq/sslfiles/pkcs8_server.key
# The password of the server-side private key
tls.server.keyPassword=1234
# The store path of server-side X.509 certificate chain in PEM format
tls.server.certPath=/app/rocketmq/sslfiles/server.crt
# To determine whether verify the client endpoint's certificate strictly. default is false
tls.server.authClient=true
# The store path of trusted certificates for verifying the client endpoint's certificate
tls.server.trustCertPath=/app/rocketmq/sslfiles/ca.crt
# The store path of client-side private key
tls.client.keyPath=/app/rocketmq/sslfiles/pkcs8_client.key
# The password of the client-side private key
tls.client.keyPassword=1234
# The store path of client-side X.509 certificate chain in PEM format
tls.client.certPath=/app/rocketmq/sslfiles/client.crt
# To determine whether verify the server endpoint's certificate strictly
tls.client.authServer=true
# The store path of trusted certificates for verifying the server endpoint's certificate
tls.client.trustCertPath=/app/rocketmq/sslfiles/ca.crt
The client configuration is as follows:
# The store path of client-side private key
tls.client.keyPath=C:\\tools\\tempData\\rocketMQTLS\\pkcs8_client.key
# The password of the client-side private key
tls.client.keyPassword=1234
# The store path of client-side X.509 certificate chain in PEM format
tls.client.certPath=C:\\tools\\tempData\\rocketMQTLS\\client.crt
# To determine whether verify the server endpoint's certificate strictly
tls.client.authServer=true
# The store path of trusted certificates for verifying the server endpoint's certificate
tls.client.trustCertPath=C:\\tools\\tempData\\rocketMQTLS\\ca.crt
The error that occurs when the client connects to the server is as follows:
Exception in thread "main" java.lang.IllegalArgumentException: Input stream does not contain valid private key.
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:293)
at org.apache.rocketmq.remoting.netty.TlsHelper.buildSslContext(TlsHelper.java:126)
at org.apache.rocketmq.remoting.netty.NettyRemotingClient.<init>(NettyRemotingClient.java:133)
at org.apache.rocketmq.client.impl.MQClientAPIImpl.<init>(MQClientAPIImpl.java:188)
at org.apache.rocketmq.client.impl.factory.MQClientInstance.<init>(MQClientInstance.java:133)
at org.apache.rocketmq.client.impl.MQClientManager.getOrCreateMQClientInstance(MQClientManager.java:52)
at org.apache.rocketmq.client.impl.producer.DefaultMQProducerImpl.start(DefaultMQProducerImpl.java:202)
at org.apache.rocketmq.client.impl.producer.DefaultMQProducerImpl.start(DefaultMQProducerImpl.java:188)
at org.apache.rocketmq.client.producer.DefaultMQProducer.start(DefaultMQProducer.java:277)
at ext.saicgmac.basic.AclProducer.main(AclProducer.java:18)
Caused by: java.io.IOException: overrun, bytes = 613
at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:92)
at io.netty.handler.ssl.SslContext.generateKeySpec(SslContext.java:978)
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1034)
at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1024)
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:291)
... 9 more
Are there any requirements for how the certificates are generated, or is there a problem with my configuration?
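The stack trace above fails inside javax.crypto.EncryptedPrivateKeyInfo, that is, while the key file was being parsed as an encrypted PKCS#8 structure. The following is an added example, not part of the original issue or of RocketMQ: it classifies a PEM key by its leading DER elements and compares the result with whether a keyPassword is set. The rule in check_key (password set means encrypted PKCS#8, no password means unencrypted PKCS#8) follows the Javadoc of Netty's SslContextBuilder.keyManager and is an assumption about how the RocketMQ version in use passes the password on; all function names and sample bytes are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed samples: only the leading DER bytes of each structure, not real keys.
SAMPLE_PLAIN_PKCS8 = bytes.fromhex("30820275020100300d06092a864886f70d010101")
SAMPLE_ENCRYPTED_PKCS8 = bytes.fromhex("308202a0304a06092a864886f70d01050d")
SAMPLE_PKCS1_RSA = bytes.fromhex("3082025c02010002818100c1a2b3")


def pem(label, der):
    """Wrap DER bytes in a PEM block (used to build the constructed samples)."""
    body = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def der_from_pem(text):
    """Return the DER bytes of the first PEM block in text."""
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no PEM block found")
    return base64.b64decode("".join(m.group(2).split()))


def classify(der):
    """Name the private-key structure from its first DER elements."""
    if len(der) < 8 or der[0] != 0x30:
        return "not-der"
    n = der[1]
    pos = 2 if n < 0x80 else 2 + (n & 0x7F)   # skip the outer SEQUENCE header
    if pos + 4 > len(der):
        return "not-der"
    if der[pos] == 0x30:                      # SEQUENCE: encryptionAlgorithm
        return "pkcs8-encrypted"
    if der[pos:pos + 3] == b"\x02\x01\x00":   # INTEGER version 0
        return {0x30: "pkcs8-plain", 0x02: "pkcs1-rsa"}.get(der[pos + 3], "unknown")
    return "unknown"


def check_key(pem_text, key_password):
    """Return (kind, ok): ok means the key form matches the password setting."""
    kind = classify(der_from_pem(pem_text))
    expected = "pkcs8-encrypted" if key_password else "pkcs8-plain"
    return kind, kind == expected


if __name__ == "__main__":
    # keyPassword=1234 as in the configuration above, against each constructed sample.
    for label, der in [("PRIVATE KEY", SAMPLE_PLAIN_PKCS8),
                       ("ENCRYPTED PRIVATE KEY", SAMPLE_ENCRYPTED_PKCS8),
                       ("RSA PRIVATE KEY", SAMPLE_PKCS1_RSA)]:
        print(label, check_key(pem(label, der), "1234"))
```

To run the check against a real file, pass the contents of the file named by tls.client.keyPath or tls.server.keyPath and the matching keyPassword value to check_key.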