Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000216060

ECS: Não é possível fazer upload do certificado ECDSA

Summary: Um usuário que tenta fazer upload do certificado para o ECS recebe ERRO: Erros "Failed to load the private key" OU "The provided key and certificate do not match".

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Symptoms

O seguinte erro é visto durante o upload do certificado assinado pela CA de gerenciamento/dados no ECS usando a ferramenta de certificado do ECS. 
admin@ecsnode01:~/ecs_certificate_tool-1.6> python ecs_certificate_tool.py upload_certificate -c /home/admin/CER/Management/server.pem -p /home/admin/ecs_certificate_tool-1.6/generated_files/CKM0XXXX00120-management_private.key -m
ecs_certificate_tool v1.6
----------------------------------------------------------------------
Upload Certificate
----------------------------------------------------------------------

Authenticating using configured credentials..PASS

Reading certificate from: /home/admin/CER/Management/server.pem..DONE
Reading private key from: /home/admin/ecs_certificate_tool-1.6/generated_files/CKM0XXXX00120-management_private.key..DONE
Backing up existing certificate if needed..
Backed up existing certificate to : /home/admin/ecs_certificate_tool-1.6/certificate_backups/CKM0XXXX00120-management_2023-05-30-07-06-32.crt.backup
Uploading the certificate to ECS..Failed to upload certificate.
response: 999An unexpected error occurred, please check the ECS logs for more information
The provided key and certificate do not match
false headers: {'Date': 'Tue, 30 May 2023 07:06:34 GMT', 'Content-Length': '281', 'Content-Type': 'application/xml', 'Connection': 'keep-alive'}

Cause

Um algoritmo de chave pública e algoritmo de assinatura que não correspondem pode causar esse erro.

Resolution

Verifique o certificado assinado. No exemplo a seguir, o algoritmo chave pública é RSA e o algoritmo de assinatura é ECDSA com SHA512. 
admin@ecsnode01:~/CER/Management> openssl x509 -text -noout -in server.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:89:4d:xx:a4:90:a6:a4:xx:c4:5f:xx:6d:43:ef:xx:78:91:f2:cc
    Signature Algorithm: ecdsa-with-SHA512
        Issuer: C=IN, ST=Bagmane, L=Bangalore, O=Dell Technologies, OU=AGI, CN=ecsnode.agi.dell.com.in/emailAddress=ecsnode@dell.com.in
        Validity
            Not Before: May 30 06:29:36 2023 GMT
            Not After : May 28 06:29:36 2028 GMT
        Subject: C=IN, ST=Bagmane, L=Bangalore, O=Dell Technologies, OU=AGI, CN=ecsnode.agi.dell.com.in/emailAddress=ecsnode@dell.com.in
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ce:e4:31:7d:b6:13:43:bc:99:59:ad:8e:99:ae:
                    b8:28:20:85:71:46:xx:a9:d5:17:e4:e7:2e:bb:b7:
                    76:4f:4f:0e:e3:xx:fe:af:2a:d8:68:c2:98:af:de:
                    a7:28:c0:9d:03:37:fb:a3:4a:0c:a1:24:a6:2f:2c:
                    9a:ff:e8:03:d9:47:bf:69:28:6f:3e:xx:81:ea:e5:
                    40:5b:68:fb:9f:c4:b2:67:f9:ea:7e:ea:67:95:91:
                    20:45:70:bb:f5:c9:b8:e0:7e:87:f8:29:13:fa:87:
                    40:8e:b8:2a:b5:f6:1c:c2:e0:a5:54:47:66:bf:54:
                    0e:a5:52:55:a4:2f:2e:48:49:45:ac:d9:08:86:0b:
                    10:42:77:b2:9d:59:77:62:xx:6f:9a:4b:ec:14:81:
                    7c:b4:a1:43:1e:53:f7:71:ae:35:9e:6f:af:d1:95:
                    fe:b4:53:dd:15:ad:e8:01:77:81:7b:1a:fa:16:e8:
                    d6:36:xx:db:e3:70:57:87:ac:6f:e7:b6:e6:25:e0:
                    01:3a:86:f9:28:e1:e2:aa:73:xx:ea:69:be:11:98:
                    3b:a1:c9:d1:c5:98:a6:66:66:91:36:ca:11:9d:40:
                    df:46:5c:4d:27:xx:80:99:f3:82:bf:6c:2e:ae:5a:
                    04:9b:10:3f:8b:04:e5:f6:30:ef:c0:9c:87:6f:82:
                    40:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:xx:DB:EF:4C:F4:xx:C3:2A:0E:2B:8C:50:xx:85:46:F2:A1:E2:E3:xx

            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Subject Alternative Name:
                DNS:ecsnode1.agi.dell.com.in, DNS:ecsnode2.agi.dell.com.in, DNS:ecsnode3.agi.dell.com.in, DNS:ecsnode4.agi.dell.com.in,DNS:ecsnode5.agi.dell.com.in, IP Address:10.xx.xx.01, IP Address:10.xx.xx.02, IP Address:10.xx.xx.03, IP Address:10.xx.xx.04, IP Address:10.xx.xx.05, IP Address:10.xx.xx.04
    Signature Algorithm: ecdsa-with-SHA512
         30:65:02:xx:00:f9:77:76:6c:24:9b:64:cd:e2:06:3d:70:22:
         d3:85:c5:5b:63:21:54:c5:7d:5c:b5:ce:xx:ad:8c:54:3a:12:
         f7:89:xx:bd:70:c6:69:3a:b0:c6:be:7c:88:3c:51:6e:f0:02:
         30:5e:01:73:9c:b8:16:e6:7e:9b:9d:ab:xx:07:bb:3d:cd:7f:
         94:da:fa:8c:xx:0f:3c:32:a3:93:32:da:63:6b:4c:e6:ff:f1:
         2f:4e:2c:c9:9f:62:22:xx:ff:b7:a7:01:c9
Mesmo que a CSR seja assinada pela CA com o algoritmo ECDSA, a chave falhará ao tentar fazer upload para o ECS. 
admin@ecsnode1:~/ecs_certificate_tool-1.6> python ecs_certificate_tool.py upload_certificate -c CKMxxxxxxx048-management-ssc.crt -p CKMxxxxxxxx048-management_private.key -m
ecs_certificate_tool v1.6
----------------------------------------------------------------------
Upload Certificate
----------------------------------------------------------------------

Authenticating using configured credentials..PASS

Reading certificate from: CKMxxxxxxx048-management-ssc.crt..DONE
Reading private key from: CKMxxxxxxx048-management_private.key..DONE
Backing up existing certificate if needed..
Backed up existing certificate to : /home/admin/ecs_certificate_tool-1.6/certificate_backups/CKMxxxxxxx048-management_2023-06-17-08-39-27.crt.backup
Uploading the certificate to ECS..Failed to upload certificate.
 response: 1008Invalid parameter
Failed to load the private key.
false headers: {'Date': 'Sat, 17 Jun 2023 08:39:29 GMT', 'Content-Length': '209', 'Content-Type': 'application/xml', 'Connection': 'keep-alive'} A API de upload de certificados está esperando a chave/certificado da RSA. Portanto, o método ECDSA não é compatível com o ECS.

Article Properties

Affected Product

ECS, Elastic Cloud Storage

Last Published Date

02 Oct 2023

Version

2

Article Type

Solution

Back to Top