ECS: Nelze nahrát certifikát ECDSA
Summary: Uživateli, který se pokouší odeslat certifikát do systému ECS, se zobrazí chyba: Chyby "Failed to load the private key" NEBO "The provided key and certificate do not match".
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Při nahrávání certifikátu podepsaného certifikační autoritou pro správu/dat v systému ECS pomocí nástroje pro certifikát ECS se zobrazí následující chyba.
admin@ecsnode01:~/ecs_certificate_tool-1.6> python ecs_certificate_tool.py upload_certificate -c /home/admin/CER/Management/server.pem -p /home/admin/ecs_certificate_tool-1.6/generated_files/CKM0XXXX00120-management_private.key -m
ecs_certificate_tool v1.6
----------------------------------------------------------------------
Upload Certificate
----------------------------------------------------------------------
Authenticating using configured credentials..PASS
Reading certificate from: /home/admin/CER/Management/server.pem..DONE
Reading private key from: /home/admin/ecs_certificate_tool-1.6/generated_files/CKM0XXXX00120-management_private.key..DONE
Backing up existing certificate if needed..
Backed up existing certificate to : /home/admin/ecs_certificate_tool-1.6/certificate_backups/CKM0XXXX00120-management_2023-05-30-07-06-32.crt.backup
Uploading the certificate to ECS..Failed to upload certificate.
response: 999An unexpected error occurred, please check the ECS logs for more information
The provided key and certificate do not match
false headers: {'Date': 'Tue, 30 May 2023 07:06:34 GMT', 'Content-Length': '281', 'Content-Type': 'application/xml', 'Connection': 'keep-alive'}Cause
Tuto chybu může způsobit algoritmus veřejného klíče a algoritmus podpisu, který se neshoduje.
Resolution
Ověřte podepsaný certifikát. V následujícím příkladu je algoritmus Public Key RSA a algoritmus podpisu je ECDSA s FUNKCÍ SHA512.
admin@ecsnode01:~/CER/Management> openssl x509 -text -noout -in server.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
51:89:4d:xx:a4:90:a6:a4:xx:c4:5f:xx:6d:43:ef:xx:78:91:f2:cc
Signature Algorithm: ecdsa-with-SHA512
Issuer: C=IN, ST=Bagmane, L=Bangalore, O=Dell Technologies, OU=AGI, CN=ecsnode.agi.dell.com.in/emailAddress=ecsnode@dell.com.in
Validity
Not Before: May 30 06:29:36 2023 GMT
Not After : May 28 06:29:36 2028 GMT
Subject: C=IN, ST=Bagmane, L=Bangalore, O=Dell Technologies, OU=AGI, CN=ecsnode.agi.dell.com.in/emailAddress=ecsnode@dell.com.in
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ce:e4:31:7d:b6:13:43:bc:99:59:ad:8e:99:ae:
b8:28:20:85:71:46:xx:a9:d5:17:e4:e7:2e:bb:b7:
76:4f:4f:0e:e3:xx:fe:af:2a:d8:68:c2:98:af:de:
a7:28:c0:9d:03:37:fb:a3:4a:0c:a1:24:a6:2f:2c:
9a:ff:e8:03:d9:47:bf:69:28:6f:3e:xx:81:ea:e5:
40:5b:68:fb:9f:c4:b2:67:f9:ea:7e:ea:67:95:91:
20:45:70:bb:f5:c9:b8:e0:7e:87:f8:29:13:fa:87:
40:8e:b8:2a:b5:f6:1c:c2:e0:a5:54:47:66:bf:54:
0e:a5:52:55:a4:2f:2e:48:49:45:ac:d9:08:86:0b:
10:42:77:b2:9d:59:77:62:xx:6f:9a:4b:ec:14:81:
7c:b4:a1:43:1e:53:f7:71:ae:35:9e:6f:af:d1:95:
fe:b4:53:dd:15:ad:e8:01:77:81:7b:1a:fa:16:e8:
d6:36:xx:db:e3:70:57:87:ac:6f:e7:b6:e6:25:e0:
01:3a:86:f9:28:e1:e2:aa:73:xx:ea:69:be:11:98:
3b:a1:c9:d1:c5:98:a6:66:66:91:36:ca:11:9d:40:
df:46:5c:4d:27:xx:80:99:f3:82:bf:6c:2e:ae:5a:
04:9b:10:3f:8b:04:e5:f6:30:ef:c0:9c:87:6f:82:
40:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:xx:DB:EF:4C:F4:xx:C3:2A:0E:2B:8C:50:xx:85:46:F2:A1:E2:E3:xx
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Subject Alternative Name:
DNS:ecsnode1.agi.dell.com.in, DNS:ecsnode2.agi.dell.com.in, DNS:ecsnode3.agi.dell.com.in, DNS:ecsnode4.agi.dell.com.in,DNS:ecsnode5.agi.dell.com.in, IP Address:10.xx.xx.01, IP Address:10.xx.xx.02, IP Address:10.xx.xx.03, IP Address:10.xx.xx.04, IP Address:10.xx.xx.05, IP Address:10.xx.xx.04
Signature Algorithm: ecdsa-with-SHA512
30:65:02:xx:00:f9:77:76:6c:24:9b:64:cd:e2:06:3d:70:22:
d3:85:c5:5b:63:21:54:c5:7d:5c:b5:ce:xx:ad:8c:54:3a:12:
f7:89:xx:bd:70:c6:69:3a:b0:c6:be:7c:88:3c:51:6e:f0:02:
30:5e:01:73:9c:b8:16:e6:7e:9b:9d:ab:xx:07:bb:3d:cd:7f:
94:da:fa:8c:xx:0f:3c:32:a3:93:32:da:63:6b:4c:e6:ff:f1:
2f:4e:2c:c9:9f:62:22:xx:ff:b7:a7:01:c9
I když je řadič CSR podepsán algoritmem ECDSA, klíč selže při pokusu o nahrání do systému ECS.
admin@ecsnode1:~/ecs_certificate_tool-1.6> python ecs_certificate_tool.py upload_certificate -c CKMxxxxxxx048-management-ssc.crt -p CKMxxxxxxxx048-management_private.key -m
ecs_certificate_tool v1.6
----------------------------------------------------------------------
Upload Certificate
----------------------------------------------------------------------
Authenticating using configured credentials..PASS
Reading certificate from: CKMxxxxxxx048-management-ssc.crt..DONE
Reading private key from: CKMxxxxxxx048-management_private.key..DONE
Backing up existing certificate if needed..
Backed up existing certificate to : /home/admin/ecs_certificate_tool-1.6/certificate_backups/CKMxxxxxxx048-management_2023-06-17-08-39-27.crt.backup
Uploading the certificate to ECS..Failed to upload certificate.
response: 1008Invalid parameter
Failed to load the private key.
false headers: {'Date': 'Sat, 17 Jun 2023 08:39:29 GMT', 'Content-Length': '209', 'Content-Type': 'application/xml', 'Connection': 'keep-alive'} Rozhraní API odesílání certifikátů očekává klíč/certifikát RSA. Proto není metoda ECDSA v systému ECS podporována.Affected Products
ECS, Elastic Cloud StorageArticle Properties
Article Number: 000216060
Article Type: Solution
Last Modified: 02 Oct 2023
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.