You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
nginx proxy manager가 자동 갱신하는 ECDSA방식의 ssl인증서를 등록시 아래와 같은 오류 발생
2023-07-06 16:29:57,878 ERROR [o.a.c.f.s.k.KeystoreManagerImpl] (API-Job-Executor-2:ctx-866341e0 job-344 ctx-c6bbf5a5) (logid:5ded5b53) Certificate validation failed due to exception for domain: *.ablecloud.io,ablecloud.io
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: Invalid RSA private key
at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:251)
at java.base/java.security.KeyFactory.generatePrivate(KeyFactory.java:390)
at com.cloud.utils.security.CertificateHelper.buildPrivateKey(CertificateHelper.java:138)
at com.cloud.utils.security.CertificateHelper.buildKeystore(CertificateHelper.java:121)
at com.cloud.utils.security.CertificateHelper.buildAndSaveKeystore(CertificateHelper.java:57)
at org.apache.cloudstack.framework.security.keystore.KeystoreManagerImpl.validateCertificate(KeystoreManagerImpl.java:58)
at com.cloud.server.ManagementServerImpl.uploadCertificate(ManagementServerImpl.java:4404)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
at com.sun.proxy.$Proxy216.uploadCertificate(Unknown Source)
at org.apache.cloudstack.api.command.admin.resource.UploadCustomCertificateCmd.execute(UploadCustomCertificateCmd.java:103)
at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:172)
at com.cloud.api.ApiAsyncJobDispatcher.runJob(ApiAsyncJobDispatcher.java:106)
at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:634)
at org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:48)
at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:55)
at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:102)
at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:52)
at org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:45)
at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:582)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.security.InvalidKeyException: Invalid RSA private key
at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.parseKeyBits(RSAPrivateCrtKeyImpl.java:291)
at java.base/sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:342)
at java.base/sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:355)
... 36 more
Caused by: java.io.IOException: Version must be 0
at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.parseKeyBits(RSAPrivateCrtKeyImpl.java:269)
at java.base/sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:342)
at java.base/sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:355)
... 36 more
재현 과정
ECDSA 방식으로 생성된 ssl인증서를 zone -> ssl certificate에 등록시 오류발생
참고: ECDSA방식 인증서는 proxy.ablecloud.io에 접속하여 다운로드 가능
기대한 결과
인증서 등록 성공
실제 결과
Invalid RSA private key 라는 management 서버 로그 발생
The text was updated successfully, but these errors were encountered:
이슈 타입
컴포넌트 이름
ABLESTACK 버전
구성
OS / 환경
이슈 내용
nginx proxy manager가 자동 갱신하는 ECDSA방식의 ssl인증서를 등록시 아래와 같은 오류 발생
재현 과정
기대한 결과
실제 결과
The text was updated successfully, but these errors were encountered: