If you encounter this exception stack trace, take the steps that follow in this post:
java.util.concurrent.CompletionException: io.pravega.shared.protocol.netty.ConnectionFailedException: java.security.cert.CertificateException: No certificate data found
at java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:273)
at java.util.concurrent.CompletableFuture.completeThrowable(CompletableFuture.java:280)
at java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1592)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: io.pravega.shared.protocol.netty.ConnectionFailedException: java.security.cert.CertificateException: No certificate data found
at io.pravega.client.connection.impl.TcpClientConnection.createClientSocket(TcpClientConnection.java:261)
at io.pravega.client.connection.impl.TcpClientConnection.lambda$connect$1(TcpClientConnection.java:191)
at java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1590)
... 7 common frames omitted
Caused by: java.security.cert.CertificateException: No certificate data found
at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:456)
at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:356)
at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:462)
at io.pravega.common.util.CertificateUtils.extractCerts(CertificateUtils.java:52)
at io.pravega.common.util.CertificateUtils.extractCerts(CertificateUtils.java:45)
at io.pravega.common.util.CertificateUtils.createTrustStore(CertificateUtils.java:92)
at io.pravega.client.connection.impl.TcpClientConnection.createFromCert(TcpClientConnection.java:211)
at io.pravega.client.connection.impl.TcpClientConnection.createClientSocket(TcpClientConnection.java:229)
... 9 common frames omitted
Generate a private RSA key
openssl genrsa -out diagserverCA.key 2048
Create a x509 certificate
openssl req -x509 -new -nodes -key diagserverCA.key \ -sha256 -days 1024 -out diagserverCA.pem
Create a PKCS12 keystore from private key and public certificate.
openssl pkcs12 -export -name server-cert \ -in diagserverCA.pem -inkey diagserverCA.key \ -out serverkeystore.p12
Convert PKCS12 keystore into a JKS keystore
keytool -importkeystore -destkeystore server.keystore \ -srckeystore serverkeystore.p12 -srcstoretype pkcs12 -alias server-cert
Import a client's certificate to the server's trust store.
keytool -import -alias client-cert \ -file diagclientCA.pem -keystore server.truststore
Import a server's certificate to the server's trust store.
keytool -import -alias server-cert \ -file diagserverCA.pem -keystore server.truststore
Note the PEM format is imported and not other formats.
No comments:
Post a Comment