Hello,

I am using Apache Zookeeper 3.5.9. My aim is to utilize existing PEM keys (private key and signed certificate) to establish a TLS connection to zookeeper. I have combined both the private key and the public certificate into a single file and intend to use it as a keystore. Before appending the private key, I converted it into pkcs8 format using *openssl pkcs8 -topk8 ...*. But I still kept it (the pkcs8 format private key) encrypted with a password (----- BEGIN ENCRYTED PRIVATE KEY----- *******).

Now, when I try to use this private key and its certificate as a keystore, zookeeper throws the error message *"Caused by: org.apache.zookeeper.common.X509Exception$KeyManagerException: java.security.spec.InvalidKeySpecException: Inappropriate key specification: IOException : DER input, Integer tag error"*. I have mentioned both ssl.keyStore.password and ssl.key.password in the config file as a precaution. Still the error persists.

As a next trial, I removed the encryption and combined the private key and its public certificate into a single pem file. Now, when I use this file as a keystore, I am able to connect to zookeeper using TLS without any issues. Is an encrypted private key not supported by the zookeeper PEM reader, or am I missing something here? I would be happy to reply with more details if needed. Hope you can help me solve the issue.

Thanks and Regards,
Sai Chandra Mouli T

P.S.: My domain certificate is signed by my own self-signed root CA.
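Added example, not part of the original message and not ZooKeeper code: a Python check that reports what each block of a combined PEM keystore file holds, using the RFC 5208 difference that an unencrypted PrivateKeyInfo begins with an INTEGER version while an EncryptedPrivateKeyInfo begins with an AlgorithmIdentifier SEQUENCE. The function names and the sample blocks (truncated DER stubs, not real keys) are constructed for illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# Tag of the first element inside the outer SEQUENCE (RFC 5208):
#   PrivateKeyInfo          -> INTEGER version               (0x02)
#   EncryptedPrivateKeyInfo -> SEQUENCE AlgorithmIdentifier  (0x30)
STRUCTURES = {0x02: "unencrypted", 0x30: "encrypted PKCS#8"}


def first_inner_tag(der):
    """Return the tag byte of the first element inside the outer DER SEQUENCE."""
    if len(der) < 3 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    # Short-form length is one byte; long form is 0x80|n followed by n bytes.
    header = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)
    if header >= len(der):
        raise ValueError("truncated DER")
    return der[header]


def classify_pem(text):
    """Return [(label, finding)] for every PEM block in a combined keystore file."""
    findings = []
    for label, body in PEM_BLOCK.findall(text):
        if "PRIVATE KEY" not in label:
            findings.append((label, "not a key"))
        elif "Proc-Type:" in body:
            # Traditional OpenSSL encryption: RFC 1421 headers inside the block.
            findings.append((label, "encrypted, traditional PEM (not PKCS#8)"))
        else:
            tag = first_inner_tag(base64.b64decode("".join(body.split())))
            findings.append((label, STRUCTURES.get(tag, "unknown tag 0x%02x" % tag)))
    return findings


def _pem(label, der):
    """Wrap DER bytes in PEM armor (helper for the constructed sample)."""
    b64 = base64.b64encode(der).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)


# Constructed sample: truncated DER stubs, not real keys or certificates.
SAMPLE = (_pem("ENCRYPTED PRIVATE KEY", bytes.fromhex("300430020500"))
          + _pem("PRIVATE KEY", bytes.fromhex("3003020100"))
          + _pem("CERTIFICATE", bytes.fromhex("3003020100")))

if __name__ == "__main__":
    for label, finding in classify_pem(SAMPLE):
        print("%-24s %s" % (label, finding))
```

A block whose label and reported structure disagree, or a label that the regular expression does not match at all, points to a malformed file rather than a password problem.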
