I have been at this for the better part of a couple of days and am at the end of my rope. I am trying to generate readable keys for a Java gRPC server. I am using certstrap to generate the keys. Here is what I am doing:

    certstrap init --common-name "GRPC"
    certstrap request-cert --common-name server.com
    certstrap sign sdl10236.labs.teradata.com --CA "GRPC"

I get the following output:

    GRPC.crl, GRPC.crt, GRPC.key
    server.crt, server.csr, and server.key

Now the problem here is when I go to load the certificates and keys. The source for reading the key in netty keeps saying that I do not have a valid private key.

    Exception in thread "main" java.lang.IllegalArgumentException: File does not contain valid private key: /tmp/server.com.key5252344955683539009
        at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:267)
        at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:222)
        at io.netty.handler.ssl.SslContextBuilder.forServer(SslContextBuilder.java:54)
        at com.teradata.grpc.GrpcServer.serverBuilder(GrpcServer.java:152)
        at com.teradata.grpc.GrpcServer.start(GrpcServer.java:69)
        at com.teradata.grpc.GrpcServer.main(GrpcServer.java:111)
    Caused by: java.security.KeyException: could not find a PKCS #8 private key in input stream (see http://netty.io/wiki/sslcontextbuilder-and-private-key.html for more information)
        at io.netty.handler.ssl.PemReader.readPrivateKey(PemReader.java:128)
        at io.netty.handler.ssl.PemReader.readPrivateKey(PemReader.java:109)
        at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1014)
        at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:265)
        ... 5 more

Here is the code I am running:

    this.clientContextBuilder = GrpcSslContexts.configure(SslContextBuilder.forClient(), this.sslProvider);
    try {
        this.serverCertFile = this.loadCert("sdt03134.labs.teradata.com.crt");
        this.serverPrivateKeyFile = this.loadCert("sdt03134.labs.teradata.com.key");
        this.serverTrustedCaCerts = new X509Certificate[]{this.loadX509Cert("grpc.crt")}; <-- the barfing happens here.
    } catch (IOException ex) {

The following methods I borrowed from the java unit tests to create the server:

    private File loadCert(String name) throws IOException {
        InputStream in = new BufferedInputStream(GrpcServer.class.getResourceAsStream("/certs/" + name));
        File tmpFile = File.createTempFile(name, "");
        tmpFile.deleteOnExit();
        OutputStream os = new BufferedOutputStream(new FileOutputStream(tmpFile));
        try {
            int b;
            while ((b = in.read()) != -1) {
                os.write(b);
            }
            os.flush();
        } finally {
            in.close();
            os.close();
        }
        return tmpFile;
    }

    private X509Certificate loadX509Cert(String fileName) throws CertificateException, IOException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        logger.info("" + fileName);
        InputStream in = GrpcServer.class.getResourceAsStream("/certs/" + fileName);
        if (in != null) {
            logger.info("Inputstream is defined.");
        }
        try {
            return (X509Certificate) cf.generateCertificate(in);
        } finally {
            in.close();
        }
    }

    private ServerBuilder<?> serverBuilder(int port, File serverCertChainFile, File serverPrivateKeyFile, X509Certificate[] serverTrustedCaCerts) throws IOException {
        SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(serverCertChainFile, serverPrivateKeyFile);
        GrpcSslContexts.configure(sslContextBuilder, sslProvider);
        sslContextBuilder.trustManager(serverTrustedCaCerts).clientAuth(ClientAuth.REQUIRE);
        return NettyServerBuilder.forPort(port).sslContext(sslContextBuilder.build());
    }

Any help would be appreciated here. Please do not reply with read the docs. I have been there many times and they just do not provide enough information to solve this problem.
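The KeyException in the post asks for a PKCS #8 private key. As an added example (not part of the original post and not netty or grpc-java code), this script reports which PEM form a key file is actually in by checking both the PEM label and the ASN.1 layout underneath it. All function names and the sample inputs are constructed for illustration; the samples are toy structures, not real keys.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def content_at(buf, i):  # (start, end) of the content of the DER element tagged at buf[i]
    n, start = buf[i + 1], i + 2
    if n & 0x80:  # long form: low 7 bits count the length bytes that follow
        k = n & 0x7F
        n, start = int.from_bytes(buf[start:start + k], "big"), start + k
    return start, start + n

def der_shape(der):  # name the ASN.1 layout from the first elements in the outer SEQUENCE
    if len(der) < 4 or der[0] != 0x30:
        return "not-der"
    i, _ = content_at(der, 0)
    if der[i] != 0x02:  # EncryptedPrivateKeyInfo opens with a SEQUENCE, not a version
        return "pkcs8-encrypted" if der[i] == 0x30 else "unknown"
    _, j = content_at(der, i)  # j: index of the tag after the version INTEGER
    return {0x30: "pkcs8", 0x02: "pkcs1-rsa", 0x04: "sec1-ec"}.get(der[j], "unknown")

def classify_key(pem_text):  # -> (PEM label, detected layout) of the first PEM block
    m = PEM_RE.search(pem_text)
    if not m:
        return ("none", "no-pem-block")
    label, body = m.groups()
    if "Proc-Type:" in body:  # passphrase-protected traditional PEM carries headers
        return (label, "legacy-encrypted")
    try:
        return (label, der_shape(base64.b64decode("".join(body.split()))))
    except (ValueError, IndexError):  # bad base64 or truncated DER
        return (label, "unreadable")

def is_plain_pkcs8(pem_text):
    return classify_key(pem_text) == ("PRIVATE KEY", "pkcs8")

# Constructed toy inputs (not real keys): only the ASN.1 layout matters here.
def tlv(tag, content):
    return bytes([tag, len(content)]) + content  # short-form length is enough here
def pem(label, der, headers=""):
    return f"-----BEGIN {label}-----\n{headers}{base64.b64encode(der).decode()}\n-----END {label}-----\n"
PKCS1 = tlv(0x30, tlv(2, b"\x00") + tlv(2, b"\x00\xc3") + tlv(2, b"\x03"))
RSA_ALG = tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))
SAMPLES = {
    "traditional": pem("RSA PRIVATE KEY", PKCS1),
    "pkcs8": pem("PRIVATE KEY", tlv(0x30, tlv(2, b"\x00") + RSA_ALG + tlv(4, PKCS1))),
    "passphrase": pem("RSA PRIVATE KEY", b"\x8f" * 16, "Proc-Type: 4,ENCRYPTED\n\n"),
    "mislabelled": pem("PRIVATE KEY", PKCS1),
}
```

Run classify_key(open(path).read()) on the real key file before passing it to SslContextBuilder. A key reported as pkcs1-rsa can be rewrapped with `openssl pkcs8 -topk8 -nocrypt -in server.key -out server.pk8.key` (file names are placeholders).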
