Article Number: 000216060
admin@ecsnode01:~/ecs_certificate_tool-1.6> python ecs_certificate_tool.py upload_certificate -c /home/admin/CER/Management/server.pem -p /home/admin/ecs_certificate_tool-1.6/generated_files/CKM0XXXX00120-management_private.key -m ecs_certificate_tool v1.6 ---------------------------------------------------------------------- Upload Certificate ---------------------------------------------------------------------- Authenticating using configured credentials..PASS Reading certificate from: /home/admin/CER/Management/server.pem..DONE Reading private key from: /home/admin/ecs_certificate_tool-1.6/generated_files/CKM0XXXX00120-management_private.key..DONE Backing up existing certificate if needed.. Backed up existing certificate to : /home/admin/ecs_certificate_tool-1.6/certificate_backups/CKM0XXXX00120-management_2023-05-30-07-06-32.crt.backup Uploading the certificate to ECS..Failed to upload certificate. response: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><error><code>999</code><description>An unexpected error occurred, please check the ECS logs for more information</description><details>The provided key and certificate do not match</details><retryable>false</retryable></error> headers: {'Date': 'Tue, 30 May 2023 07:06:34 GMT', 'Content-Length': '281', 'Content-Type': 'application/xml', 'Connection': 'keep-alive'}
admin@ecsnode01:~/CER/Management> openssl x509 -text -noout -in server.pem Certificate: Data: Version: 3 (0x2) Serial Number: 51:89:4d:xx:a4:90:a6:a4:xx:c4:5f:xx:6d:43:ef:xx:78:91:f2:cc Signature Algorithm: ecdsa-with-SHA512 Issuer: C=IN, ST=Bagmane, L=Bangalore, O=Dell Technologies, OU=AGI, CN=ecsnode.agi.dell.com.in/emailAddress=ecsnode@dell.com.in Validity Not Before: May 30 06:29:36 2023 GMT Not After : May 28 06:29:36 2028 GMT Subject: C=IN, ST=Bagmane, L=Bangalore, O=Dell Technologies, OU=AGI, CN=ecsnode.agi.dell.com.in/emailAddress=ecsnode@dell.com.in Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:ce:e4:31:7d:b6:13:43:bc:99:59:ad:8e:99:ae: b8:28:20:85:71:46:xx:a9:d5:17:e4:e7:2e:bb:b7: 76:4f:4f:0e:e3:xx:fe:af:2a:d8:68:c2:98:af:de: a7:28:c0:9d:03:37:fb:a3:4a:0c:a1:24:a6:2f:2c: 9a:ff:e8:03:d9:47:bf:69:28:6f:3e:xx:81:ea:e5: 40:5b:68:fb:9f:c4:b2:67:f9:ea:7e:ea:67:95:91: 20:45:70:bb:f5:c9:b8:e0:7e:87:f8:29:13:fa:87: 40:8e:b8:2a:b5:f6:1c:c2:e0:a5:54:47:66:bf:54: 0e:a5:52:55:a4:2f:2e:48:49:45:ac:d9:08:86:0b: 10:42:77:b2:9d:59:77:62:xx:6f:9a:4b:ec:14:81: 7c:b4:a1:43:1e:53:f7:71:ae:35:9e:6f:af:d1:95: fe:b4:53:dd:15:ad:e8:01:77:81:7b:1a:fa:16:e8: d6:36:xx:db:e3:70:57:87:ac:6f:e7:b6:e6:25:e0: 01:3a:86:f9:28:e1:e2:aa:73:xx:ea:69:be:11:98: 3b:a1:c9:d1:c5:98:a6:66:66:91:36:ca:11:9d:40: df:46:5c:4d:27:xx:80:99:f3:82:bf:6c:2e:ae:5a: 04:9b:10:3f:8b:04:e5:f6:30:ef:c0:9c:87:6f:82: 40:eb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:xx:DB:EF:4C:F4:xx:C3:2A:0E:2B:8C:50:xx:85:46:F2:A1:E2:E3:xx X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Subject Alternative Name: DNS:ecsnode1.agi.dell.com.in, DNS:ecsnode2.agi.dell.com.in, DNS:ecsnode3.agi.dell.com.in, DNS:ecsnode4.agi.dell.com.in,DNS:ecsnode5.agi.dell.com.in, IP Address:10.xx.xx.01, IP Address:10.xx.xx.02, IP Address:10.xx.xx.03, IP Address:10.xx.xx.04, IP Address:10.xx.xx.05, IP Address:10.xx.xx.04 Signature Algorithm: ecdsa-with-SHA512 30:65:02:xx:00:f9:77:76:6c:24:9b:64:cd:e2:06:3d:70:22: d3:85:c5:5b:63:21:54:c5:7d:5c:b5:ce:xx:ad:8c:54:3a:12: f7:89:xx:bd:70:c6:69:3a:b0:c6:be:7c:88:3c:51:6e:f0:02: 30:5e:01:73:9c:b8:16:e6:7e:9b:9d:ab:xx:07:bb:3d:cd:7f: 94:da:fa:8c:xx:0f:3c:32:a3:93:32:da:63:6b:4c:e6:ff:f1: 2f:4e:2c:c9:9f:62:22:xx:ff:b7:a7:01:c9Even if the CSR is CA signed with the ECDSA algorithm, Key fails while trying to upload to ECS.
admin@ecsnode1:~/ecs_certificate_tool-1.6> python ecs_certificate_tool.py upload_certificate -c CKMxxxxxxx048-management-ssc.crt -p CKMxxxxxxxx048-management_private.key -m ecs_certificate_tool v1.6 ---------------------------------------------------------------------- Upload Certificate ---------------------------------------------------------------------- Authenticating using configured credentials..PASS Reading certificate from: CKMxxxxxxx048-management-ssc.crt..DONE Reading private key from: CKMxxxxxxx048-management_private.key..DONE Backing up existing certificate if needed.. Backed up existing certificate to : /home/admin/ecs_certificate_tool-1.6/certificate_backups/CKMxxxxxxx048-management_2023-06-17-08-39-27.crt.backup Uploading the certificate to ECS..Failed to upload certificate. response: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><error><code>1008</code><description>Invalid parameter</description><details>Failed to load the private key.</details><retryable>false</retryable></error> headers: {'Date': 'Sat, 17 Jun 2023 08:39:29 GMT', 'Content-Length': '209', 'Content-Type': 'application/xml', 'Connection': 'keep-alive'}Certificate upload API is expecting RSA key/certificate. Hence, the ECDSA method is not supported in ECS.
ECS, Elastic Cloud Storage
02 Oct 2023
2
Solution