Hi Eric, thank you for the reply. I will take a look at that link. That may be my problem. I will post back after I try this out.
On Friday, November 3, 2017 at 4:08:47 PM UTC-7, Eric Anderson wrote:
>
> Have you looked at
> http://netty.io/wiki/sslcontextbuilder-and-private-key.html ?
>
> I wasn't able to completely follow your directions (the last certstrap
> command failed), but comparing the keys
> in grpc-java/testing/src/main/resources/certs to those in certstrap
> generated I see:
> -----BEGIN PRIVATE KEY-----
> vs
> -----BEGIN RSA PRIVATE KEY-----
>
> Running openssl to convert the format as suggested by the netty
> documentation yielded BEGIN PRIVATE KEY. I didn't try running with it, but
> that looked promising.
>
> On Fri, Nov 3, 2017 at 8:23 AM, <[email protected]> wrote:
>
>> I have been at this for the better part of a couple of days and am at the
>> end of my rope. I am trying to generate readable keys for a JAVA grpc
>> server. I am using certstrap to generate the keys. Here is what I am doing:
>>
>> certstrap init --common-name "GRPC"
>> certstrap request-cert --common-name server.com
>> certstrap sign sdl10236.labs.teradata.com --CA "GRPC"
>>
>> I get the following output:
>> GRPC.crl, GRPC.crt, GRPC.key server.crt, server.csr, and server.key
>>
>> Now the problem here is when I go to load the certificates and keys. The
>> source for reading the key in netty keeps saying that I do not have a valid
>> private key.
>>
>> Exception in thread "main" java.lang.IllegalArgumentException: File does not contain valid private key: /tmp/server.com.key5252344955683539009
>>     at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:267)
>>     at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:222)
>>     at io.netty.handler.ssl.SslContextBuilder.forServer(SslContextBuilder.java:54)
>>     at com.teradata.grpc.GrpcServer.serverBuilder(GrpcServer.java:152)
>>     at com.teradata.grpc.GrpcServer.start(GrpcServer.java:69)
>>     at com.teradata.grpc.GrpcServer.main(GrpcServer.java:111)
>> Caused by: java.security.KeyException: could not find a PKCS #8 private key in input stream (see http://netty.io/wiki/sslcontextbuilder-and-private-key.html for more information)
>>     at io.netty.handler.ssl.PemReader.readPrivateKey(PemReader.java:128)
>>     at io.netty.handler.ssl.PemReader.readPrivateKey(PemReader.java:109)
>>     at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1014)
>>     at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:265)
>>     ... 5 more
>>
>> Here is the code I am running:
>>
>>     this.clientContextBuilder =
>>         GrpcSslContexts.configure(SslContextBuilder.forClient(), this.sslProvider);
>>     try {
>>         this.serverCertFile =
>>             this.loadCert("sdt03134.labs.teradata.com.crt");
>>
>>         this.serverPrivateKeyFile =
>>             this.loadCert("sdt03134.labs.teradata.com.key");
>>
>>         this.serverTrustedCaCerts = new
>>             X509Certificate[]{this.loadX509Cert("grpc.crt")}; <-- the barfing happens here.
>>     } catch (IOException ex) {
>>
>> The following methods I borrowed from the java unit tests to create the
>> server:
>>
>>     private File loadCert(String name) throws IOException {
>>         InputStream in = new
>>             BufferedInputStream(GrpcServer.class.getResourceAsStream("/certs/" + name));
>>         File tmpFile = File.createTempFile(name, "");
>>         tmpFile.deleteOnExit();
>>
>>         OutputStream os = new BufferedOutputStream(new
>>             FileOutputStream(tmpFile));
>>         try {
>>             int b;
>>             while ((b = in.read()) != -1) {
>>                 os.write(b);
>>             }
>>
>>             os.flush();
>>         } finally {
>>             in.close();
>>             os.close();
>>         }
>>
>>         return tmpFile;
>>     }
>>
>>     private X509Certificate loadX509Cert(String fileName) throws
>>             CertificateException, IOException {
>>         CertificateFactory cf = CertificateFactory.getInstance("X.509");
>>         logger.info("" + fileName);
>>         InputStream in = GrpcServer.class.getResourceAsStream("/certs/" +
>>             fileName);
>>         if (in != null) {
>>             logger.info("Inputstream is defined.");
>>         }
>>         try {
>>             return (X509Certificate) cf.generateCertificate(in);
>>         } finally {
>>             in.close();
>>         }
>>     }
>>
>>     private ServerBuilder<?> serverBuilder(int port, File
>>             serverCertChainFile,
>>             File serverPrivateKeyFile, X509Certificate[]
>>             serverTrustedCaCerts) throws IOException {
>>         SslContextBuilder sslContextBuilder =
>>             SslContextBuilder.forServer(serverCertChainFile, serverPrivateKeyFile);
>>         GrpcSslContexts.configure(sslContextBuilder, sslProvider);
>>
>>         sslContextBuilder.trustManager(serverTrustedCaCerts).clientAuth(ClientAuth.REQUIRE);
>>
>>         return
>>             NettyServerBuilder.forPort(port).sslContext(sslContextBuilder.build());
>>     }
>>
>> Any help would be appreciated here. Please do not reply with read the
>> docs. I have been there many times and they just do not provide enough
>> information to solve this problem.
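The header difference discussed in this thread (`BEGIN RSA PRIVATE KEY` vs `BEGIN PRIVATE KEY`) can be checked before the server starts. The script below is an added example, not part of the original messages or of netty/grpc-java: it classifies a PEM key by its header and writes an unencrypted PKCS#8 copy with the standard `openssl pkcs8 -topk8 -nocrypt` conversion. The function names and file arguments are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper names): classify a PEM private key by its
# header and produce the unencrypted PKCS#8 form that netty's PemReader expects.

# Print the format of PEM file $1: pkcs8, pkcs8-encrypted, pkcs1-rsa, sec1-ec
# or unknown. Only the first BEGIN line is inspected.
pem_key_format() {
    header=$(sed -n '/^-----BEGIN /{p;q;}' "$1" 2>/dev/null | tr -d '\r')
    case "$header" in
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1-rsa ;;
        '-----BEGIN EC PRIVATE KEY-----')        echo sec1-ec ;;
        *)                                       echo unknown ;;
    esac
}

# Write an unencrypted PKCS#8 copy of key $1 to $2.
# Returns non-zero for formats this example does not convert (encrypted
# PKCS#8 needs the key password, unknown input is refused).
ensure_pkcs8() {
    src=$1 dst=$2
    fmt=$(pem_key_format "$src")
    (
        umask 077   # output is an unencrypted private key: owner-only access
        case "$fmt" in
            pkcs8)
                cat "$src" > "$dst" ;;
            pkcs1-rsa|sec1-ec)
                openssl pkcs8 -topk8 -nocrypt -in "$src" -out "$dst" ;;
            *)
                echo "cannot convert $src (format: $fmt)" >&2
                exit 1 ;;
        esac
    )
}

# Stand-alone use: sh script.sh server.key server.pkcs8.key
if [ "$#" -eq 2 ]; then
    echo "input format: $(pem_key_format "$1")"
    ensure_pkcs8 "$1" "$2" && echo "output format: $(pem_key_format "$2")"
fi
```
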
