zhukexingkong edited a comment on issue #6429: URL: https://github.com/apache/apisix/issues/6429#issuecomment-1056336485
@tzssangglass 1.The certificate and key are ok. The verification is as follows: [root@2d8f65f7ad67 tlsDir]# openssl x509 -in client.pem -pubkey -noout -outform pem | sha256sum 2ec0f9b02e96d824bc1c63179deacaea98320d9f94747070a5e0307a9c96ba1c - [root@2d8f65f7ad67 tlsDir]# openssl pkey -in client.key -pubout -outform pem | sha256sum 2ec0f9b02e96d824bc1c63179deacaea98320d9f94747070a5e0307a9c96ba1c - 2.The certificate and the key I uploaded to github, you can use the admin API to test and see if you can reproduce: https://github.com/zhukexingkong/SpringTest/tree/master/firstApplication/src/main/java/com/learn/apisixtls 3.I generated the certificate and key using the following command: #server keytool -genkey -alias server -keyalg RSA -keystore server.p12 -validity 360 -storepass 123456 -storetype PKCS12 -keysize 2048 -dname "CN=localhost, OU=localhost, O=localhost, L=CD, ST=CD, C=CN" #client keytool -genkey -alias client -keyalg RSA -keystore client.p12 -validity 360 -storepass 123456 -storetype PKCS12 -keysize 2048 -dname "CN=client, OU=client, O=client, L=CD, ST=CD, C=CN" p12 to cer: keytool -keystore client.p12 -export -alias client -file client.cer Server trusts client certificates: keytool -import -file client.cer -keystore server.p12 View the server key list: keytool -list -keystore server.p12 -storepass 123456 -storetype PKCS12 p12 to key: openssl pkcs12 -in client.p12 -nocerts -nodes -out client.key p12 to crt: openssl pkcs12 -in client.p12 -nokeys -out client.crt crt to pem: openssl x509 -in client.crt -out client.pem -outform PEM -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
