Posted to user@zookeeper.apache.org by sai chandra mouli <ts...@gmail.com> on 2021/11/10 18:38:34 UTC

Usage Of PEM Files for Keystores and Truststores in Apache zookeeper 3.5.9

Hello,

I am using Apache Zookeeper 3.5.9. My aim is to utilize existing PEM keys
(private key and signed certificate) to establish a TLS connection to
zookeeper.
I have combined both private key and public certificate into a single file
and intend to use it as a keystore. Before appending the private key, I
have converted it into pkcs8 format using *openssl pkcs8 -topk8 ...*. But
I still kept it (the pkcs8 format private key) encrypted with a password.
(-----BEGIN ENCRYPTED PRIVATE KEY----- *******). Now, when I try to use
this private key and its certificate as keystore, the zookeeper is throwing
an error message
*"Caused by: org.apache.zookeeper.common.X509Exception$KeyManagerException:
java.security.spec.InvalidKeySpecException: Inappropriate key
specification: IOException : DER input, Integer tag error"*.
I have mentioned both ssl.keyStore.password and ssl.key.password in
the config file as a precaution. Still the error persists.

As a next trial, I have removed the encryption and combined the private key
and its public certificate into a single pem file. Now, when I use this
file as keystore, I am able to connect to the zookeeper using TLS without
any issues.
Is encrypted private key not supported by the zookeeper PEM reader or am I
missing something here?
I would be happy to reply with more details if needed. Hope you can help me
solve the issue.

Thanks and Regards,
Sai Chandra Mouli T

P.S: My domain certificate is signed by my own self-signed root CA.
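
The post above compares an encrypted and an unencrypted PKCS#8 key inside one combined PEM file. The following is an added example, not part of the thread and not ZooKeeper code: it reports which PKCS#8 structure each block in such a file actually contains by reading the first DER tag inside the outer SEQUENCE (PrivateKeyInfo begins with an INTEGER version, EncryptedPrivateKeyInfo with a SEQUENCE). The function names and the sample data are assumptions made for illustration, and the check does not exercise ZooKeeper's PEM reader.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def first_inner_tag(der):
    """Tag byte of the first element inside the outer DER SEQUENCE."""
    if len(der) < 3 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    # Short-form length is 1 byte; long form is 0x80|n followed by n length bytes.
    skip = 2 + ((der[1] & 0x7F) if der[1] & 0x80 else 0)
    if skip >= len(der):
        raise ValueError("truncated DER")
    return der[skip]

def classify(pem_text):
    """Return (label, shape) for every PEM block in a combined keystore file."""
    out = []
    for label, body in PEM_RE.findall(pem_text):
        if label not in ("PRIVATE KEY", "ENCRYPTED PRIVATE KEY"):
            out.append((label, "not a PKCS#8 key block"))
            continue
        tag = first_inner_tag(base64.b64decode("".join(body.split())))
        # PrivateKeyInfo starts with INTEGER version (0x02);
        # EncryptedPrivateKeyInfo starts with SEQUENCE AlgorithmIdentifier (0x30).
        shape = {0x02: "PrivateKeyInfo", 0x30: "EncryptedPrivateKeyInfo"}.get(tag, "unknown")
        out.append((label, shape))
    return out

def _pem(label, der_hex):
    """Wrap constructed DER bytes (given as hex) in a PEM block."""
    b64 = base64.encodebytes(bytes.fromhex(der_hex)).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"

# Constructed sample, structure only: no real key material or certificate.
SAMPLE = (
    _pem("ENCRYPTED PRIVATE KEY", "3013300b06092a864886f70d01050d040400000000")
    + _pem("PRIVATE KEY", "3018020100300d06092a864886f70d0101010500040400000000")
    + _pem("CERTIFICATE", "3003020100")
)

if __name__ == "__main__":
    for label, shape in classify(SAMPLE):
        print(f"{label}: {shape}")
```

A block whose label and reported shape disagree was relabelled or converted incorrectly; agreement only confirms the file's structure, not that a given reader can decrypt it.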

Re: Usage Of PEM Files for Keystores and Truststores in Apache zookeeper 3.5.9

Posted by Enrico Olivelli <eo...@gmail.com>.
Sai,

On Wed, 10 Nov 2021 at 20:01, sai chandra mouli <
tsaimouli1999@gmail.com> wrote:

> Hello,
>
> I am using Apache Zookeeper 3.5.9. My aim is to utilize existing PEM keys
> (private key and signed certificate) to establish a TLS connection to
> zookeeper.
> I have combined both private key and public certificate into a single file
> and intend to use it as a keystore. Before appending the private key, I
> have converted it into pkcs8 format using *openssl pkcs8 -topk8 ...*. But
> I still kept it (the pkcs8 format private key) encrypted with a password.
> (-----BEGIN ENCRYPTED PRIVATE KEY----- *******). Now, when I try to use
> this private key and its certificate as keystore, the zookeeper is throwing
> an error message
> *"Caused by: org.apache.zookeeper.common.X509Exception$KeyManagerException:
> java.security.spec.InvalidKeySpecException: Inappropriate key
> specification: IOException : DER input, Integer tag error"*.
> I have mentioned both ssl.keyStore.password and ssl.key.password in
> the config file as a precaution. Still the error persists.
>
> As a next trial, I have removed the encryption and combined the private key
> and its public certificate into a single pem file. Now, when I use this
> file as keystore, I am able to connect to the zookeeper using TLS without
> any issues.
> Is encrypted private key not supported by the zookeeper PEM reader or am I
> missing something here?
>

Unfortunately I don't know, but if you can share the full stacktrace of the
error we can try to understand where the error comes from and follow up
with more details.


Enrico


> I would be happy to reply with more details if needed. Hope you can help me
> solve the issue.
>
> Thanks and Regards,
> Sai Chandra Mouli T
>
> P.S: My domain certificate is signed by my own self-signed root CA.
>