chris-joys opened a new issue #4067: URL: https://github.com/apache/rocketmq/issues/4067
After generating the certificate files and configuring them, I got the following error:

    java.lang.IllegalArgumentException: Input stream does not contain valid private key.

I followed this document to generate the certificates: https://segmentfault.com/a/1190000010040134%E8%87%AA%E7%AD%BE%E8%AF%81%E4%B9%A6%E3%80%82

The certificate configuration on the server is as follows:

    # The flag to determine whether use test mode when initialize TLS context. default is true
    tls.test.mode.enable=true
    # Indicates how SSL engine respect to client authentication, default is none
    tls.server.need.client.auth=require
    # The store path of server-side private key
    tls.server.keyPath=/app/rocketmq/sslfiles/pkcs8_server.key
    # The password of the server-side private key
    tls.server.keyPassword=1234
    # The store path of server-side X.509 certificate chain in PEM format
    tls.server.certPath=/app/rocketmq/sslfiles/server.crt
    # To determine whether verify the client endpoint's certificate strictly. default is false
    tls.server.authClient=true
    # The store path of trusted certificates for verifying the client endpoint's certificate
    tls.server.trustCertPath=/app/rocketmq/sslfiles/ca.crt
    # The store path of client-side private key
    tls.client.keyPath=/app/rocketmq/sslfiles/pkcs8_client.key
    # The password of the client-side private key
    tls.client.keyPassword=1234
    # The store path of client-side X.509 certificate chain in PEM format
    tls.client.certPath=/app/rocketmq/sslfiles/client.crt
    # To determine whether verify the server endpoint's certificate strictly
    tls.client.authServer=true
    # The store path of trusted certificates for verifying the server endpoint's certificate
    tls.client.trustCertPath=/app/rocketmq/sslfiles/ca.crt

The configuration on the client is as follows:

    # The store path of client-side private key
    tls.client.keyPath=C:\\tools\\tempData\\rocketMQTLS\\pkcs8_client.key
    # The password of the client-side private key
    tls.client.keyPassword=1234
    # The store path of client-side X.509 certificate chain in PEM format
    tls.client.certPath=C:\\tools\\tempData\\rocketMQTLS\\client.crt
    # To determine whether verify the server endpoint's certificate strictly
    tls.client.authServer=true
    # The store path of trusted certificates for verifying the server endpoint's certificate
    tls.client.trustCertPath=C:\\tools\\tempData\\rocketMQTLS\\ca.crt

The error when the client connects to the server is as follows:

    Exception in thread "main" java.lang.IllegalArgumentException: Input stream does not contain valid private key.
        at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:293)
        at org.apache.rocketmq.remoting.netty.TlsHelper.buildSslContext(TlsHelper.java:126)
        at org.apache.rocketmq.remoting.netty.NettyRemotingClient.<init>(NettyRemotingClient.java:133)
        at org.apache.rocketmq.client.impl.MQClientAPIImpl.<init>(MQClientAPIImpl.java:188)
        at org.apache.rocketmq.client.impl.factory.MQClientInstance.<init>(MQClientInstance.java:133)
        at org.apache.rocketmq.client.impl.MQClientManager.getOrCreateMQClientInstance(MQClientManager.java:52)
        at org.apache.rocketmq.client.impl.producer.DefaultMQProducerImpl.start(DefaultMQProducerImpl.java:202)
        at org.apache.rocketmq.client.impl.producer.DefaultMQProducerImpl.start(DefaultMQProducerImpl.java:188)
        at org.apache.rocketmq.client.producer.DefaultMQProducer.start(DefaultMQProducer.java:277)
        at ext.saicgmac.basic.AclProducer.main(AclProducer.java:18)
    Caused by: java.io.IOException: overrun, bytes = 613
        at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:92)
        at io.netty.handler.ssl.SslContext.generateKeySpec(SslContext.java:978)
        at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1034)
        at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1024)
        at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:291)
        ... 9 more

Are there any requirements for how the certificates are generated, or is there something wrong with my configuration?
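
An added diagnostic example, not part of the original issue or of RocketMQ: `javax.crypto.EncryptedPrivateKeyInfo`, the constructor in the `Caused by` frame, reads two DER elements from the key's outer SEQUENCE and reports `overrun, bytes = N` if anything is left, which is what an unencrypted PKCS#8 key looks like when a key password is configured. The function names and both sample keys below are constructed for illustration (zero-filled bodies, not real key material).

```python
import base64
import re

def tlv(tag, value):
    """DER-encode one element (only used to build the constructed samples)."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def read_tlv(buf, pos):
    """Return (tag, value_start, end) of the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def inspect_key(pem_text):
    """Return (kind, overrun); overrun = bytes left after the first two elements."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem_text, re.S)
    if not m:
        raise ValueError("no PEM block found")
    der = base64.b64decode("".join(m.group(2).split()))
    _, pos, end = read_tlv(der, 0)
    children = []
    while pos < end:  # walk the direct children of the outer SEQUENCE
        tag, _, pos = read_tlv(der, pos)
        children.append((tag, pos))
    tags = [t for t, _ in children]
    overrun = end - children[1][1] if len(children) > 1 else 0
    if tags == [0x30, 0x04]:          # AlgorithmIdentifier, encryptedData
        return "encrypted PKCS#8", overrun
    if tags[:3] == [0x02, 0x30, 0x04]:  # version, AlgorithmIdentifier, privateKey
        return "unencrypted PKCS#8", overrun
    return "not PKCS#8", overrun

def diagnose(pem_text, key_password):
    kind, overrun = inspect_key(pem_text)
    if kind == "unencrypted PKCS#8" and key_password:
        return f"password set but key is unencrypted: overrun, bytes = {overrun}"
    if kind == "encrypted PKCS#8" and not key_password:
        return "key is encrypted but no password is set"
    return "ok" if kind != "not PKCS#8" else "convert the key to PKCS#8 first"

def pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"

# Constructed samples: rsaEncryption AlgorithmIdentifier as a placeholder, zero-filled payloads.
ALG = tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))
PLAIN = pem("PRIVATE KEY", tlv(0x30, tlv(0x02, b"\x00") + ALG + tlv(0x04, bytes(609))))
ENC = pem("ENCRYPTED PRIVATE KEY", tlv(0x30, ALG + tlv(0x04, bytes(640))))
```

Running `diagnose` on the file behind `tls.client.keyPath` together with the configured `tls.client.keyPassword` shows whether the two agree before the client is started.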
