You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/05/27 10:18:05 UTC

[GitHub] [apisix] Uangski commented on issue #4322: request help: etcd TLS 模式疑问

Uangski commented on issue #4322:
URL: https://github.com/apache/apisix/issues/4322#issuecomment-849515007


   设置相关参数，如下：
   ssl_trusted_certificate: "/opt/etcd/ssl/ca.pem"
     tls:
       key: "/opt/etcd/ssl/client-key.pem"
       cert: "/opt/etcd/ssl/client.pem"
       verify: true
   日志报错：
   2021/05/27 10:09:13 [error] 44#44: *16 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42), context: ngx.timer
   2021/05/27 10:09:13 [error] 44#44: *24 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42), context: ngx.timer
   2021/05/27 10:09:13 [error] 45#45: *34 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42), context: ngx.timer
   2021/05/27 10:09:13 [error] 45#45: *49 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42), context: ngx.timer
   请问有可能是哪里出问题了呢？用 etcdctl --endpoints="https://192.168.58.128:2379" --cacert="/opt/etcd/ssl/ca.pem" --key="/opt/etcd/ssl/client-key.pem"  --cert="/opt/etcd/ssl/client.pem" get /apisix/plugins  是可以返回内容的。
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org