Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-24404

Couchbase Certificate doesn't accept pkcs#8/12 private keys

    XMLWordPrintable

Details

    Description

      In following these steps: https://developer.couchbase.com/documentation/server/4.6/security/security-x509certsintro.html

      I tried using couchbase-cli ssl-manage --set-node-certificate using a cert and key that were minted by our in-house CA. It was rejected by the couchbase server as follows:

       

      [bweir@lca1-cbvt05 ~]$ couchbase-cli ssl-manage -c $(hostname -f) --set-node-certificate
      		 
      "Invalid private key type: PrivateKeyInfo."

       

      It seems that the key file is in PKCS#8 format which couchbase cannot understand. Can support for this be added? More info:

      http://stackoverflow.com/questions/20065304/what-is-the-differences-between-begin-rsa-private-key-and-begin-private-key

      https://tools.ietf.org/html/rfc5208

      http://stackoverflow.com/questions/18039401/how-can-i-transform-between-the-two-styles-of-public-key-format-one-begin-rsa

       

       

      My current workaround is to use openssl to convert to PKCS#1 format with these commands:

      openssl rsa -in pkey.key.pkcs8 -out pkey.key.der -outform DER
      		 
      openssl rsa -in pkey.key.der -inform DER -out pkey.key.pkcs1 -outform PEM

      Attachments

        Issue Links

          duplicates

          Improvement - An improvement or enhancement to an existing feature or task. MB-48003 Support PKCS#12 Cert format

          • Major - Major loss of function.
          • Closed
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. MB-27405 Support for encrypted certificate private keys

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              ianmccloy Ian McCloy (Inactive)
              bweir bweir
              Votes:
              1 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty