Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-24404

Couchbase Certificate doesn't accept pkcs#8/12 private keys

    XMLWordPrintable

Details

    Description

      In following these steps: https://developer.couchbase.com/documentation/server/4.6/security/security-x509certsintro.html

      I tried using couchbase-cli ssl-manage --set-node-certificate using a cert and key that were minted by our in-house CA. It was rejected by the couchbase server as follows:

       

      [bweir@lca1-cbvt05 ~]$ couchbase-cli ssl-manage -c $(hostname -f) --set-node-certificate
      "Invalid private key type: PrivateKeyInfo."
      

       

      It seems that the key file is in PKCS#8 format which couchbase cannot understand. Can support for this be added? More info:

      http://stackoverflow.com/questions/20065304/what-is-the-differences-between-begin-rsa-private-key-and-begin-private-key

      https://tools.ietf.org/html/rfc5208

      http://stackoverflow.com/questions/18039401/how-can-i-transform-between-the-two-styles-of-public-key-format-one-begin-rsa

       

       

      My current workaround is to use openssl to convert to PKCS#1 format with these commands:

      openssl rsa -in pkey.key.pkcs8 -out pkey.key.der -outform DER
      openssl rsa -in pkey.key.der -inform DER -out pkey.key.pkcs1 -outform PEM

      Attachments

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              ianmccloy Ian McCloy
              bweir bweir
              Votes:
              1 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty