You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/05/27 10:18:05 UTC
[GitHub] [apisix] Uangski commented on issue #4322: request help: etcd TLS 模式疑问
Uangski commented on issue #4322:
URL: https://github.com/apache/apisix/issues/4322#issuecomment-849515007
设置相关参数,如下:
ssl_trusted_certificate: "/opt/etcd/ssl/ca.pem"
tls:
key: "/opt/etcd/ssl/client-key.pem"
cert: "/opt/etcd/ssl/client.pem"
verify: true
日志报错:
2021/05/27 10:09:13 [error] 44#44: *16 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42), context: ngx.timer
2021/05/27 10:09:13 [error] 44#44: *24 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42), context: ngx.timer
2021/05/27 10:09:13 [error] 45#45: *34 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42), context: ngx.timer
2021/05/27 10:09:13 [error] 45#45: *49 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42), context: ngx.timer
请问有可能是哪里出问题了呢?用 etcdctl --endpoints="https://192.168.58.128:2379" --cacert="/opt/etcd/ssl/ca.pem" --key="/opt/etcd/ssl/client-key.pem" --cert="/opt/etcd/ssl/client.pem" get /apisix/plugins 是可以返回内容的。
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org