DNSCrypt / doh-server

Fast, mature, secure DoH and ODoH server proxy written in Rust. Previously known as doh-proxy and rust-doh.
MIT License

TLS certificates error: No private keys found #57

Closed icebluey closed 3 years ago

icebluey commented 3 years ago

doh-proxy version: 0.3.8+git0404b8f, built from source.

# doh-proxy -i ./fullchain.cer -I ./privkey.pem
Listening on https://127.0.0.1:3000/dns-query
TLS certificates error: No private keys found
TLS certificates error: No private keys found
TLS certificates error: No private keys found
TLS certificates error: No private keys found
TLS certificates error: No private keys found
...

fullchain.cer and privkey.pem work well for the nginx server. What is the problem here?

jedisct1 commented 3 years ago

Hi,

Are these RSA keys?

icebluey commented 3 years ago

It's an ECC certificate, issued by "acme.sh --issue --keylength ec-384".

jedisct1 commented 3 years ago

So, that's why. It requires RSA certificates.

Maybe EC-based certs are supported by the Rust TLS library, but I didn't manage to load them.

jedisct1 commented 3 years ago

Some Googling seems to suggest that it should work, but the keys need to be converted with a command like this:

openssl pkcs8 -topk8 -nocrypt -in sec1.pem -out pkcs8.pem

jedisct1 commented 3 years ago

Yep, just tried it and I can confirm that this works :)

icebluey commented 3 years ago

ECC certificates are more and more common. It would be better if it could load ECC keys in the default format.

jedisct1 commented 3 years ago

Unfortunately there's no such thing as a default format. There are multiple ways to serialize keys :(

The Rust TLS library only supports PKCS#8 and given how opinionated it is, it's unlikely that it will support other formats anytime soon :(

icebluey commented 3 years ago

I am sorry, I'm really not familiar with Rust :( By "default format" I meant the default output of "openssl ecparam -genkey", a typical traditional-format private key file in PEM format :( An EC private key header and footer are formatted as follows:

-----BEGIN EC PRIVATE KEY-----
-----END EC PRIVATE KEY-----
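Added example, not code from the doh-proxy project or from either participant: a stdlib-only Python script that tells the two containers discussed in this thread apart by their PEM label, and that wraps the traditional "EC PRIVATE KEY" body (the SEC1 ECPrivateKey structure from RFC 5915, what "openssl ecparam -genkey" writes) into the PKCS#8 "PRIVATE KEY" container (PrivateKeyInfo) that the openssl pkcs8 -topk8 -nocrypt command above produces. It shows that the conversion changes only the outer container, not the secret scalar. The curve OIDs are the standard ones; the sample key bytes are constructed placeholders rather than a real key pair; all function and variable names are mine.

```python
import base64
import re

# Well-known OIDs, DER-encoded contents only
OID_ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")           # 1.2.840.10045.2.1
NAMED_CURVES = {bytes.fromhex("2a8648ce3d030107"): "prime256v1",  # 1.2.840.10045.3.1.7
                bytes.fromhex("2b81040022"): "secp384r1",         # 1.3.132.0.34
                bytes.fromhex("2b81040023"): "secp521r1"}         # 1.3.132.0.35


def _read_tlv(buf, pos):
    """Read one DER tag/length/value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length, up to 4 length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def _tlv(tag, value):
    # Encode one DER tag/length/value (short or long-form length as needed)
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _children(value):
    # Split the contents of a constructed element into (tag, value) pairs
    items, pos = [], 0
    while pos < len(value):
        tag, v, pos = _read_tlv(value, pos)
        items.append((tag, v))
    return items


def pem_decode(pem):
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    return m.group(1), base64.b64decode("".join(m.group(2).split()))


def pem_encode(label, der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)


def parse_sec1(der):
    """Parse an RFC 5915 ECPrivateKey, i.e. the body of an 'EC PRIVATE KEY' PEM."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("ECPrivateKey must be a single DER SEQUENCE")
    items = _children(body)
    if len(items) < 2 or items[0] != (0x02, b"\x01") or items[1][0] != 0x04:
        raise ValueError("expected version 1 followed by an OCTET STRING private key")
    key = {"private_key": items[1][1], "curve_oid": None, "public_key": None}
    for tag, v in items[2:]:
        inner_tag, inner = _children(v)[0]
        if tag == 0xA0 and inner_tag == 0x06:    # [0] parameters: namedCurve OID
            key["curve_oid"] = inner
        elif tag == 0xA1 and inner_tag == 0x03:  # [1] publicKey: BIT STRING incl. unused-bits byte
            key["public_key"] = inner
        else:
            raise ValueError("unsupported ECPrivateKey field")
    return key


def sec1_to_pkcs8(sec1_der):
    """Wrap a SEC1 ECPrivateKey in a PKCS#8 PrivateKeyInfo, as 'openssl pkcs8 -topk8 -nocrypt' does."""
    key = parse_sec1(sec1_der)
    if key["curve_oid"] is None:
        raise ValueError("SEC1 key names no curve; cannot build the AlgorithmIdentifier")
    # Inner ECPrivateKey: the [0] parameters are dropped because the outer
    # AlgorithmIdentifier now names the curve; the [1] public key is kept when present.
    inner = _tlv(0x02, b"\x01") + _tlv(0x04, key["private_key"])
    if key["public_key"] is not None:
        inner += _tlv(0xA1, _tlv(0x03, key["public_key"]))
    alg_id = _tlv(0x30, _tlv(0x06, OID_ID_EC_PUBLIC_KEY) + _tlv(0x06, key["curve_oid"]))
    return _tlv(0x30, _tlv(0x02, b"\x00") + alg_id + _tlv(0x04, _tlv(0x30, inner)))


def parse_pkcs8(der):
    # Parse an unencrypted PrivateKeyInfo carrying an EC key, to check the conversion
    tag, body, end = _read_tlv(der, 0)
    items = _children(body)
    if tag != 0x30 or end != len(der) or len(items) < 3 or items[0][0] != 0x02:
        raise ValueError("malformed PrivateKeyInfo")
    alg = _children(items[1][1])
    curve_oid = alg[1][1] if len(alg) > 1 and alg[1][0] == 0x06 else None
    return {"version": items[0][1], "algorithm_oid": alg[0][1],
            "curve_name": NAMED_CURVES.get(curve_oid, "unknown"),
            "ec_private_key": parse_sec1(items[2][1])}


def classify_key_pem(pem):
    # Name the container from the PEM label; per this thread only 'pkcs8' loads in doh-proxy
    return {"EC PRIVATE KEY": "sec1", "RSA PRIVATE KEY": "pkcs1", "PRIVATE KEY": "pkcs8",
            "ENCRYPTED PRIVATE KEY": "pkcs8-encrypted"}.get(pem_decode(pem)[0], "unknown")


def convert_to_pkcs8_pem(pem):
    """Return a 'PRIVATE KEY' PEM for a SEC1 input; PKCS#8 input is returned unchanged."""
    kind = classify_key_pem(pem)
    if kind == "pkcs8":
        return pem
    if kind != "sec1":
        raise ValueError("cannot convert a %s key with this tool" % kind)
    return pem_encode("PRIVATE KEY", sec1_to_pkcs8(pem_decode(pem)[1]))


# Constructed sample: a secp384r1 SEC1 key whose scalar and point bytes are placeholders
# (not a real key pair); only the encoding is exercised.
SAMPLE_SCALAR = bytes(range(1, 49))                  # 48 bytes
SAMPLE_POINT = b"\x04" + bytes(range(100, 196))      # 97 bytes, uncompressed-point shape
SAMPLE_SEC1_PEM = pem_encode("EC PRIVATE KEY", _tlv(0x30,
    _tlv(0x02, b"\x01") + _tlv(0x04, SAMPLE_SCALAR)
    + _tlv(0xA0, _tlv(0x06, bytes.fromhex("2b81040022")))
    + _tlv(0xA1, _tlv(0x03, b"\x00" + SAMPLE_POINT))))
```

For a real deployment keep using the openssl command from the thread; the point of the script is to show what that command does (and to let you check, with classify_key_pem, which container a privkey.pem is in before pointing -I at it). Note that the conversion never touches the private scalar, so the original SEC1 file is just as sensitive as the PKCS#8 one and should be deleted or kept with the same file permissions.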