我正在将证书身份验证设置为我的nifi服务器。错误读取X.509密钥或证书文件:解析错误
我已经使用nifi-tools/tls-toolkit从nifi project生成密钥库,信任库,客户端证书等。
我已将p12格式的tls-toolkit生成的客户端证书添加到我的浏览器并配置了我的nifi服务器属性。一切正常。
现在我想在ruby脚本中使用客户端证书。
要做到这一点我已经转换从P12格式的证书PEM格式这样的...
openssl pkcs12 -in CN=admin_DC=nifi_DC=com.p12 -passin pass:26V+Hs1qupglToDlVqO+oKW0yWR2jG3uXjuFTUus76o -out a.pem MAC verified OK Enter PEM pass phrase:
PEM密码短语空白。
为了测试它,我试过
curl --insecure --cert-type pem --cert "a.pem" "https://127.0.0.1:9443/nifi" curl: (35) error reading X.509 key or certificate file: Error in parsing.
错误解析?我还没有找到任何有关它的信息。
让我们来验证...
openssl verify a.pem a.pem: DC = com, DC = nifi, CN = admin error 20 at 0 depth lookup:unable to get local issuer certificate
验证与塔CA文件...
openssl verify -verbose -x509_strict -issuer_checks -CAfile nifi-cert.pem a.pem a.pem: OK
随着我的Ruby脚本失败过(明明)
require 'rest_client'
a = RestClient::Resource.new(
'https://127.0.0.1:9443/nifi',
:ssl_client_cert => OpenSSL::X509::Certificate.new(File.read("a.pem")),
:verify_ssl => OpenSSL::SSL::VERIFY_NONE
).get
pp a
`
我得到...
/usr/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock': SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert bad certificate (OpenSSL::SSL::SSLError)
from /usr/lib/ruby/2.3.0/net/http.rb:933:in `connect'
from /usr/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
from /usr/lib/ruby/2.3.0/net/http.rb:852:in `start'
from /var/lib/gems/2.3.0/gems/rest-client-2.0.2/lib/restclient/request.rb:715:in `transmit'
from /var/lib/gems/2.3.0/gems/rest-client-2.0.2/lib/restclient/request.rb:145:in `execute'
from /var/lib/gems/2.3.0/gems/rest-client-2.0.2/lib/restclient/request.rb:52:in `execute'
from /var/lib/gems/2.3.0/gems/rest-client-2.0.2/lib/restclient/resource.rb:51:in `get'
from test.rb:8:in `<main>'
的哪些错误?
谢谢。