Loading...

XML

Word

Printable

Details

Type: Improvement
Resolution: Duplicate
Priority: Major
Fix Version/s: backlog
Affects Version/s: 4.6.1
Component/s: ns_server
Labels:

Description

In following these steps: https://developer.couchbase.com/documentation/server/4.6/security/security-x509certsintro.html

I tried using couchbase-cli ssl-manage --set-node-certificate using a cert and key that were minted by our in-house CA. It was rejected by the couchbase server as follows:

[bweir@lca1-cbvt05 ~]$ couchbase-cli ssl-manage -c $(hostname -f) --set-node-certificate

"Invalid private key type: PrivateKeyInfo."

It seems that the key file is in PKCS#8 format which couchbase cannot understand. Can support for this be added? More info:

http://stackoverflow.com/questions/20065304/what-is-the-differences-between-begin-rsa-private-key-and-begin-private-key

https://tools.ietf.org/html/rfc5208

http://stackoverflow.com/questions/18039401/how-can-i-transform-between-the-two-styles-of-public-key-format-one-begin-rsa

My current workaround is to use openssl to convert to PKCS#1 format with these commands:

openssl rsa -in pkey.key.pkcs8 -out pkey.key.der -outform DER

openssl rsa -in pkey.key.der -inform DER -out pkey.key.pkcs1 -outform PEM

Attachments

Issue Links

duplicates

MB-48003 Support PKCS#12 Cert format

Closed

relates to

MB-27405 Support for encrypted certificate private keys

Closed

Activity

People

Assignee:: Ian McCloy (Inactive)

Reporter:: bweir

Votes:: 1 Vote for this issue

Watchers:: 11 Start watching this issue

Dates

Created:: 16/May/17 1:55 PM

Updated:: 18/Aug/21 1:39 AM

Resolved:: 18/Aug/21 1:31 AM

Couchbase Certificate doesn't accept pkcs#8/12 private keys