Sai, Il giorno mer 10 nov 2021 alle ore 20:01 sai chandra mouli < [email protected]> ha scritto:
> Hello, > > I am using Apache Zookeeper 3.5.9. My aim is to utilize existing PEM keys > (private key and signed certificate ) to establish a TLS connection to > zookeeper. > I have combined both private key and public certificate into a single file > and intend to use it as a keystore. Before appending the private key, I > have converted it into pkcs8 format using *openssl pkcs8 -topk8 ...* . But > I still kept it (the pkcs8 format private key) encrypted with a password. > (----- BEGIN ENCRYTED PRIVATE KEY----- *******). Now, when I try to use > this private key and its certificate as keystore, the zookeeper is throwing > an error message > *"Caused by: org.apache.zookeeper.common.X509Exception$KeyManagerException: > java.security.spec.InvalidKeySpecException: Inappropriate key > specification: IOException : DER input, Integer tag error* > *". *I have mentioned both ssl.keyStore.password and ssl.key.password in > the config file as a precaution. Still the error persists. > > As a next trial, I have removed the encryption and combined the private key > and its public certificate into a single pem file. Now, when I use this > file as keystore, I am able to connect to the zookeeper using TLS without > any issues. > Is encrypted private key not supported by the zookeeper PEM reader or am I > missing something here? > Unfortunately I don't know, but if you can share the full stacktrace of the error we can try to understand where the error comes from and follow up with more details Enrico > I would be happy to reply with more details if needed. Hope you can help me > solve the issue. > > Thanks and Regards, > Sai Chandra Mouli T > > P.S: My domain certificate is signed by my own self-signed root CA. >
