ECS: ECDSA-Zertifikat kann nicht hochgeladen werden
Summary: Ein Benutzer, der versucht, das Zertifikat in ECS hochzuladen, erhält DEN FOLGENDEN FEHLER: Fehler "Failed to load the private key" oder "The provided key and certificate do not match". ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Der folgende Fehler wird beim Hochladen eines von der Zertifizierungsstelle signierten Daten-/Managementzertifikats in ECS mithilfe des ECS-Zertifikattools angezeigt.
admin@ecsnode01:~/ecs_certificate_tool-1.6> python ecs_certificate_tool.py upload_certificate -c /home/admin/CER/Management/server.pem -p /home/admin/ecs_certificate_tool-1.6/generated_files/CKM0XXXX00120-management_private.key -m
ecs_certificate_tool v1.6
----------------------------------------------------------------------
Upload Certificate
----------------------------------------------------------------------
Authenticating using configured credentials..PASS
Reading certificate from: /home/admin/CER/Management/server.pem..DONE
Reading private key from: /home/admin/ecs_certificate_tool-1.6/generated_files/CKM0XXXX00120-management_private.key..DONE
Backing up existing certificate if needed..
Backed up existing certificate to : /home/admin/ecs_certificate_tool-1.6/certificate_backups/CKM0XXXX00120-management_2023-05-30-07-06-32.crt.backup
Uploading the certificate to ECS..Failed to upload certificate.
response: 999An unexpected error occurred, please check the ECS logs for more information
The provided key and certificate do not match
false headers: {'Date': 'Tue, 30 May 2023 07:06:34 GMT', 'Content-Length': '281', 'Content-Type': 'application/xml', 'Connection': 'keep-alive'}Cause
Ein Öffentlicher Schlüsselalgorithmus und Signaturalgorithmus, die nicht übereinstimmen, können diesen Fehler verursachen.
Resolution
Überprüfen Sie das signierte Zertifikat. Im folgenden Beispiel lautet der Algorithmus für den öffentlichen Schlüssel RSA und der Signaturalgorithmus ECDSA mit SHA512.
admin@ecsnode01:~/CER/Management> openssl x509 -text -noout -in server.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
51:89:4d:xx:a4:90:a6:a4:xx:c4:5f:xx:6d:43:ef:xx:78:91:f2:cc
Signature Algorithm: ecdsa-with-SHA512
Issuer: C=IN, ST=Bagmane, L=Bangalore, O=Dell Technologies, OU=AGI, CN=ecsnode.agi.dell.com.in/emailAddress=ecsnode@dell.com.in
Validity
Not Before: May 30 06:29:36 2023 GMT
Not After : May 28 06:29:36 2028 GMT
Subject: C=IN, ST=Bagmane, L=Bangalore, O=Dell Technologies, OU=AGI, CN=ecsnode.agi.dell.com.in/emailAddress=ecsnode@dell.com.in
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ce:e4:31:7d:b6:13:43:bc:99:59:ad:8e:99:ae:
b8:28:20:85:71:46:xx:a9:d5:17:e4:e7:2e:bb:b7:
76:4f:4f:0e:e3:xx:fe:af:2a:d8:68:c2:98:af:de:
a7:28:c0:9d:03:37:fb:a3:4a:0c:a1:24:a6:2f:2c:
9a:ff:e8:03:d9:47:bf:69:28:6f:3e:xx:81:ea:e5:
40:5b:68:fb:9f:c4:b2:67:f9:ea:7e:ea:67:95:91:
20:45:70:bb:f5:c9:b8:e0:7e:87:f8:29:13:fa:87:
40:8e:b8:2a:b5:f6:1c:c2:e0:a5:54:47:66:bf:54:
0e:a5:52:55:a4:2f:2e:48:49:45:ac:d9:08:86:0b:
10:42:77:b2:9d:59:77:62:xx:6f:9a:4b:ec:14:81:
7c:b4:a1:43:1e:53:f7:71:ae:35:9e:6f:af:d1:95:
fe:b4:53:dd:15:ad:e8:01:77:81:7b:1a:fa:16:e8:
d6:36:xx:db:e3:70:57:87:ac:6f:e7:b6:e6:25:e0:
01:3a:86:f9:28:e1:e2:aa:73:xx:ea:69:be:11:98:
3b:a1:c9:d1:c5:98:a6:66:66:91:36:ca:11:9d:40:
df:46:5c:4d:27:xx:80:99:f3:82:bf:6c:2e:ae:5a:
04:9b:10:3f:8b:04:e5:f6:30:ef:c0:9c:87:6f:82:
40:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:xx:DB:EF:4C:F4:xx:C3:2A:0E:2B:8C:50:xx:85:46:F2:A1:E2:E3:xx
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Subject Alternative Name:
DNS:ecsnode1.agi.dell.com.in, DNS:ecsnode2.agi.dell.com.in, DNS:ecsnode3.agi.dell.com.in, DNS:ecsnode4.agi.dell.com.in,DNS:ecsnode5.agi.dell.com.in, IP Address:10.xx.xx.01, IP Address:10.xx.xx.02, IP Address:10.xx.xx.03, IP Address:10.xx.xx.04, IP Address:10.xx.xx.05, IP Address:10.xx.xx.04
Signature Algorithm: ecdsa-with-SHA512
30:65:02:xx:00:f9:77:76:6c:24:9b:64:cd:e2:06:3d:70:22:
d3:85:c5:5b:63:21:54:c5:7d:5c:b5:ce:xx:ad:8c:54:3a:12:
f7:89:xx:bd:70:c6:69:3a:b0:c6:be:7c:88:3c:51:6e:f0:02:
30:5e:01:73:9c:b8:16:e6:7e:9b:9d:ab:xx:07:bb:3d:cd:7f:
94:da:fa:8c:xx:0f:3c:32:a3:93:32:da:63:6b:4c:e6:ff:f1:
2f:4e:2c:c9:9f:62:22:xx:ff:b7:a7:01:c9
Selbst wenn die CSR mit dem ECDSA-Algorithmus signiert ist, schlägt der Schlüssel beim Hochladen in ECS fehl.
admin@ecsnode1:~/ecs_certificate_tool-1.6> python ecs_certificate_tool.py upload_certificate -c CKMxxxxxxx048-management-ssc.crt -p CKMxxxxxxxx048-management_private.key -m
ecs_certificate_tool v1.6
----------------------------------------------------------------------
Upload Certificate
----------------------------------------------------------------------
Authenticating using configured credentials..PASS
Reading certificate from: CKMxxxxxxx048-management-ssc.crt..DONE
Reading private key from: CKMxxxxxxx048-management_private.key..DONE
Backing up existing certificate if needed..
Backed up existing certificate to : /home/admin/ecs_certificate_tool-1.6/certificate_backups/CKMxxxxxxx048-management_2023-06-17-08-39-27.crt.backup
Uploading the certificate to ECS..Failed to upload certificate.
response: 1008Invalid parameter
Failed to load the private key.
false headers: {'Date': 'Sat, 17 Jun 2023 08:39:29 GMT', 'Content-Length': '209', 'Content-Type': 'application/xml', 'Connection': 'keep-alive'} Die Zertifikatupload-API erwartet RSA-Schlüssel/-Zertifikat. Daher wird die ECDSA-Methode in ECS nicht unterstützt.Affected Products
ECS, Elastic Cloud StorageArticle Properties
Article Number: 000216060
Article Type: Solution
Last Modified: 02 Oct 2023
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.