ECS: Unable to upload an ECDSA certificate
Summary: A user attempting to upload the certificate to ECS receives one of the following errors: "Failed to load the private key" or "The provided key and certificate do not match". ...
Symptoms
The following error is displayed when uploading a CA-signed management/data certificate to ECS using the ECS certificate tool.
admin@ecsnode01:~/ecs_certificate_tool-1.6> python ecs_certificate_tool.py upload_certificate -c /home/admin/CER/Management/server.pem -p /home/admin/ecs_certificate_tool-1.6/generated_files/CKM0XXXX00120-management_private.key -m
ecs_certificate_tool v1.6
----------------------------------------------------------------------
Upload Certificate
----------------------------------------------------------------------
Authenticating using configured credentials..PASS
Reading certificate from: /home/admin/CER/Management/server.pem..DONE
Reading private key from: /home/admin/ecs_certificate_tool-1.6/generated_files/CKM0XXXX00120-management_private.key..DONE
Backing up existing certificate if needed..
Backed up existing certificate to : /home/admin/ecs_certificate_tool-1.6/certificate_backups/CKM0XXXX00120-management_2023-05-30-07-06-32.crt.backup
Uploading the certificate to ECS..Failed to upload certificate.
response: 999An unexpected error occurred, please check the ECS logs for more information
The provided key and certificate do not match
false headers: {'Date': 'Tue, 30 May 2023 07:06:34 GMT', 'Content-Length': '281', 'Content-Type': 'application/xml', 'Connection': 'keep-alive'}
Cause
A mismatch between the public key algorithm and the signature algorithm can cause this error.
Resolution
Check the signed certificate. In the following example, the public key algorithm is RSA and the signature algorithm is ECDSA with SHA512.
admin@ecsnode01:~/CER/Management> openssl x509 -text -noout -in server.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
51:89:4d:xx:a4:90:a6:a4:xx:c4:5f:xx:6d:43:ef:xx:78:91:f2:cc
Signature Algorithm: ecdsa-with-SHA512
Issuer: C=IN, ST=Bagmane, L=Bangalore, O=Dell Technologies, OU=AGI, CN=ecsnode.agi.dell.com.in/emailAddress=ecsnode@dell.com.in
Validity
Not Before: May 30 06:29:36 2023 GMT
Not After : May 28 06:29:36 2028 GMT
Subject: C=IN, ST=Bagmane, L=Bangalore, O=Dell Technologies, OU=AGI, CN=ecsnode.agi.dell.com.in/emailAddress=ecsnode@dell.com.in
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ce:e4:31:7d:b6:13:43:bc:99:59:ad:8e:99:ae:
b8:28:20:85:71:46:xx:a9:d5:17:e4:e7:2e:bb:b7:
76:4f:4f:0e:e3:xx:fe:af:2a:d8:68:c2:98:af:de:
a7:28:c0:9d:03:37:fb:a3:4a:0c:a1:24:a6:2f:2c:
9a:ff:e8:03:d9:47:bf:69:28:6f:3e:xx:81:ea:e5:
40:5b:68:fb:9f:c4:b2:67:f9:ea:7e:ea:67:95:91:
20:45:70:bb:f5:c9:b8:e0:7e:87:f8:29:13:fa:87:
40:8e:b8:2a:b5:f6:1c:c2:e0:a5:54:47:66:bf:54:
0e:a5:52:55:a4:2f:2e:48:49:45:ac:d9:08:86:0b:
10:42:77:b2:9d:59:77:62:xx:6f:9a:4b:ec:14:81:
7c:b4:a1:43:1e:53:f7:71:ae:35:9e:6f:af:d1:95:
fe:b4:53:dd:15:ad:e8:01:77:81:7b:1a:fa:16:e8:
d6:36:xx:db:e3:70:57:87:ac:6f:e7:b6:e6:25:e0:
01:3a:86:f9:28:e1:e2:aa:73:xx:ea:69:be:11:98:
3b:a1:c9:d1:c5:98:a6:66:66:91:36:ca:11:9d:40:
df:46:5c:4d:27:xx:80:99:f3:82:bf:6c:2e:ae:5a:
04:9b:10:3f:8b:04:e5:f6:30:ef:c0:9c:87:6f:82:
40:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:xx:DB:EF:4C:F4:xx:C3:2A:0E:2B:8C:50:xx:85:46:F2:A1:E2:E3:xx
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Subject Alternative Name:
DNS:ecsnode1.agi.dell.com.in, DNS:ecsnode2.agi.dell.com.in, DNS:ecsnode3.agi.dell.com.in, DNS:ecsnode4.agi.dell.com.in,DNS:ecsnode5.agi.dell.com.in, IP Address:10.xx.xx.01, IP Address:10.xx.xx.02, IP Address:10.xx.xx.03, IP Address:10.xx.xx.04, IP Address:10.xx.xx.05, IP Address:10.xx.xx.04
Signature Algorithm: ecdsa-with-SHA512
30:65:02:xx:00:f9:77:76:6c:24:9b:64:cd:e2:06:3d:70:22:
d3:85:c5:5b:63:21:54:c5:7d:5c:b5:ce:xx:ad:8c:54:3a:12:
f7:89:xx:bd:70:c6:69:3a:b0:c6:be:7c:88:3c:51:6e:f0:02:
30:5e:01:73:9c:b8:16:e6:7e:9b:9d:ab:xx:07:bb:3d:cd:7f:
94:da:fa:8c:xx:0f:3c:32:a3:93:32:da:63:6b:4c:e6:ff:f1:
2f:4e:2c:c9:9f:62:22:xx:ff:b7:a7:01:c9
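A pre-upload check along the lines described above, as an added example (not part of the ECS certificate tool or the original article): it reads `openssl x509 -text -noout` output and the private key's PEM header and lists the reasons the pair would not meet an RSA-only upload API. The function names and the trimmed sample text are constructed for illustration.

```python
import re

# Constructed sample: only the algorithm fields from the openssl output above.
SAMPLE_TEXT = """\
Certificate:
Signature Algorithm: ecdsa-with-SHA512
Public Key Algorithm: rsaEncryption
Signature Algorithm: ecdsa-with-SHA512
"""

# PEM header -> key type. A PKCS#8 header does not name the algorithm.
KEY_HEADERS = {
    "-----BEGIN RSA PRIVATE KEY-----": "rsa",
    "-----BEGIN EC PRIVATE KEY-----": "ec",
    "-----BEGIN PRIVATE KEY-----": "pkcs8",
    "-----BEGIN ENCRYPTED PRIVATE KEY-----": "pkcs8",
}

def cert_algorithms(x509_text):
    """Return (signature algorithm, public key algorithm) from openssl text."""
    sig = re.search(r"^[ \t]*Signature Algorithm:[ \t]*(\S+)", x509_text, re.M)
    pub = re.search(r"^[ \t]*Public Key Algorithm:[ \t]*(\S+)", x509_text, re.M)
    return (sig.group(1) if sig else None, pub.group(1) if pub else None)

def key_type(pem_text):
    """Classify a private key by its PEM header line."""
    for line in pem_text.splitlines():
        if line.strip() in KEY_HEADERS:
            return KEY_HEADERS[line.strip()]
    return "unknown"

def preflight(x509_text, key_pem):
    """List reasons the certificate/key pair is not an all-RSA pair."""
    problems = []
    sig, pub = cert_algorithms(x509_text)
    if pub != "rsaEncryption":
        problems.append(f"certificate public key is {pub}, not rsaEncryption")
    # Assumption: OpenSSL names for RSA signatures contain "RSA" in some case.
    if sig is None or "rsa" not in sig.lower():
        problems.append(f"certificate signature algorithm is {sig}, not RSA-based")
    kind = key_type(key_pem)
    if kind == "ec":
        problems.append("private key is an EC key")
    elif kind == "unknown":
        problems.append("no recognised private key header found")
    return problems

if __name__ == "__main__":
    print(preflight(SAMPLE_TEXT, "-----BEGIN RSA PRIVATE KEY-----\n"))
```

A PKCS#8 key (`BEGIN PRIVATE KEY`) is not flagged because its header alone does not reveal the algorithm.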
Even if the CSR is signed by a certificate authority using the ECDSA algorithm, the key fails when an upload to ECS is attempted.
admin@ecsnode1:~/ecs_certificate_tool-1.6> python ecs_certificate_tool.py upload_certificate -c CKMxxxxxxx048-management-ssc.crt -p CKMxxxxxxxx048-management_private.key -m
ecs_certificate_tool v1.6
----------------------------------------------------------------------
Upload Certificate
----------------------------------------------------------------------
Authenticating using configured credentials..PASS
Reading certificate from: CKMxxxxxxx048-management-ssc.crt..DONE
Reading private key from: CKMxxxxxxx048-management_private.key..DONE
Backing up existing certificate if needed..
Backed up existing certificate to : /home/admin/ecs_certificate_tool-1.6/certificate_backups/CKMxxxxxxx048-management_2023-06-17-08-39-27.crt.backup
Uploading the certificate to ECS..Failed to upload certificate.
response: 1008Invalid parameter
Failed to load the private key.
false headers: {'Date': 'Sat, 17 Jun 2023 08:39:29 GMT', 'Content-Length': '209', 'Content-Type': 'application/xml', 'Connection': 'keep-alive'}
The certificate upload API expects an RSA key/certificate. Therefore, ECDSA is not supported in ECS.
Affected Products
ECS, Elastic Cloud Storage
Article Properties
Article Number: 000216060
Article Type: Solution
Last Modified: 02 Oct 2023
Version: 2