我正在將證書身份驗證設置爲我的nifi服務器。錯誤讀取X.509密鑰或證書文件:解析錯誤
我已經使用nifi-tools/tls-toolkit從nifi project生成密鑰庫,信任庫,客戶端證書等。
我已將p12格式的tls-toolkit生成的客戶端證書添加到我的瀏覽器並配置了我的nifi服務器屬性。一切正常。
現在我想在ruby腳本中使用客戶端證書。
要做到這一點我已經轉換從P12格式的證書PEM格式這樣的...
openssl pkcs12 -in CN=admin_DC=nifi_DC=com.p12 -passin pass:26V+Hs1qupglToDlVqO+oKW0yWR2jG3uXjuFTUus76o -out a.pem MAC verified OK Enter PEM pass phrase:
PEM密碼短語空白。
爲了測試它,我試過
curl --insecure --cert-type pem --cert "a.pem" "https://127.0.0.1:9443/nifi" curl: (35) error reading X.509 key or certificate file: Error in parsing.
錯誤解析?我還沒有找到任何有關它的信息。
讓我們來驗證...
openssl verify a.pem a.pem: DC = com, DC = nifi, CN = admin error 20 at 0 depth lookup:unable to get local issuer certificate
驗證與塔CA文件...
openssl verify -verbose -x509_strict -issuer_checks -CAfile nifi-cert.pem a.pem a.pem: OK
隨着我的Ruby腳本失敗過(明明)
require 'rest_client'
a = RestClient::Resource.new(
'https://127.0.0.1:9443/nifi',
:ssl_client_cert => OpenSSL::X509::Certificate.new(File.read("a.pem")),
:verify_ssl => OpenSSL::SSL::VERIFY_NONE
).get
pp a
`
我得到...
/usr/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock': SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert bad certificate (OpenSSL::SSL::SSLError)
from /usr/lib/ruby/2.3.0/net/http.rb:933:in `connect'
from /usr/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
from /usr/lib/ruby/2.3.0/net/http.rb:852:in `start'
from /var/lib/gems/2.3.0/gems/rest-client-2.0.2/lib/restclient/request.rb:715:in `transmit'
from /var/lib/gems/2.3.0/gems/rest-client-2.0.2/lib/restclient/request.rb:145:in `execute'
from /var/lib/gems/2.3.0/gems/rest-client-2.0.2/lib/restclient/request.rb:52:in `execute'
from /var/lib/gems/2.3.0/gems/rest-client-2.0.2/lib/restclient/resource.rb:51:in `get'
from test.rb:8:in `<main>'
的哪些錯誤?
謝謝。