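Hello, I configured Riak KV to be used in SSL mode.
But when I try to make an HTTPS request, I get an error saying it cannot connect to the server. The IT department said something about setting the protocol and using sha512, but I can't find it in openssl ciphers or riak-admin ciphers....
Hope someone can help.
I have done the following steps.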
#Generating certificate
## Generate Root CA and CSR
openssl genrsa -out rootCA.key 2048
openssl req -new -key rootCA.key -out rootCA.csr -subj "/C=PH/ST=PH/L=PH/O=Basho/OU=CliServ/CN=RootCA/emailAddress=dummy@dummy.com"
##Self Sign Root CA CSR and Generate a Certificate
openssl x509 -req -days 365 -in rootCA.csr -signkey rootCA.key -out rootCA-local.crt
## Generate a Key and CSR for Riak Node
openssl genrsa -out riaknode.key 2048
openssl req -new -key riaknode.key -out riaknode-local.csr -subj "/C=PH/ST=PH/L=PH/O=Basho/OU=CliServ/CN=riak/emailAddress=dummy@dummy.com"
## Sign the CSR with Root CA and Generate Certificate for Riak Node
openssl x509 -req -sha256 -days 365 -in riaknode-local.csr -CA rootCA-local.crt -CAkey rootCA.key -CAcreateserial -out riaknode-local.crt
mv rootCA-local.crt /etc/riak/
mv riaknode.key /etc/riak/
mv riaknode-local.crt /etc/riak/
#Configuration riak.Conf
listener.https.internal = 0.0.0.0:8098
curl https://localhost:8098/ -k -v
* Hostname was NOT found in DNS cache
* Trying ::1...
* connect to ::1 port 8098 failed: Connection refused
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8098 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* Unknown SSL protocol error in connection to localhost:8098
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to localhost:8098
2016-12-13 17:08:46.086 [error] <0.2026.0> gen_fsm <0.2026.0> in state hello terminated with reason: no function clause matching public_key:sign({digest,<<203,0,93,119,124,75,96,235,210,210,127,214,193,218,169,170,105,117,179,149,137,160,38,...>>}, sha512, undefined) line 402
2016-12-13 17:08:46.086 [error] <0.2026.0> CRASH REPORT Process <0.2026.0> with 0 neighbours exited with reason: no function clause matching public_key:sign({digest,<<203,0,93,119,124,75,96,235,210,210,127,214,193,218,169,170,105,117,179,149,137,160,38,...>>}, sha512, undefined) line 402 in gen_fsm:terminate/7 line 622
2016-12-13 17:08:46.087 [error] <0.94.0> Supervisor ssl_connection_sup had child undefined started with {tls_connection,start_link,undefined} at <0.2026.0> exit with reason no function clause matching public_key:sign({digest,<<203,0,93,119,124,75,96,235,210,210,127,214,193,218,169,170,105,117,179,149,137,160,38,...>>}, sha512, undefined) line 402 in context child_terminated
2016-12-13 17:08:46.088 [error] <0.336.0> application: mochiweb, "Accept failed error", "{'EXIT',\n {{function_clause,\n [{public_key,sign,\n [{digest,\n <<203,0,93,119,124,75,96,235,210,210,127,214,193,218,169,\n 170,105,117,179,149,137,160,38,55,117,175,204,212,231,69,\n 131,51,123,20,141,186,237,133,174,61,99,146,95,35,21,134,\n 153,134,130,138,230,235,232,149,119,107,181,244,53,198,\n 162,193,202,208>>},\n sha512,undefined],\n [{file,\"public_key.erl\"},{line,402}]},\n {ssl_handshake,enc_server_key_exchange,6,\n [{file,\"ssl_handshake.erl\"},{line,660}]},\n {tls_connection,key_exchange,1,\n [{file,\"tls_connection.erl\"},{line,1626}]},\n {tls_connection,server_certify_and_key_exchange,1,\n [{file,\"tls_connection.erl\"},{line,1550}]},\n {tls_connection,new_server_hello,2,\n [{file,\"tls_connection.erl\"},{line,1467}]},\n {tls_connection,next_state,4,\n [{file,\"tls_connection.erl\"},{line,2558}]},\n {gen_fsm,handle_msg,7,[{file,\"gen_fsm.erl\"},{line,505}]},\n {proc_lib,init_p_do_apply,3,[{file,\"proc_lib.erl\"},{line,239}]}]},\n {gen_fsm,sync_send_all_state_event,\n [<0.2026.0>,{start,infinity},infinity]}}}"
2016-12-13 17:08:46.089 [error] <0.336.0> CRASH REPORT Process <0.336.0> with 0 neighbours exited with reason: {error,accept_failed} in mochiweb_acceptor:init/3 line 33
2016-12-13 17:08:46.089 [error] <0.335.0> {mochiweb_socket_server,320,{acceptor_error,{error,accept_failed}}}
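Answer 0 (score: 0)
The third argument to public_key:sign/3 is the private key. The error message seems to indicate that it is undefined.
You need to configure ssl.keyfile, etc. See http://docs.basho.com/riak/kv/2.2.0/using/security/basics/#enabling-ssl
You can find useful information on creating a certificate with sha512 enabled at "How to create a pkcs12-certificate using sha512".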
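A pre-flight check for the situation the answer describes, added here as an example and not part of the original question or answer: it reads `ssl.certfile`, `ssl.keyfile` and `ssl.cacertfile` from riak.conf, reports any that are unset or unreadable, and confirms the private key belongs to the certificate. The function names are hypothetical, and the script assumes the settings hold literal paths (no `$(...)` substitutions).

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes riak.conf values are literal file paths.

# Print the value of "key = value" from a riak.conf file ($1 = file, $2 = key).
# Commented-out lines are ignored; the last occurrence wins.
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (!eq) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            if (key == k) { val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val) }
        }
        END { if (val != "") print val }' "$1"
}

# Return 0 only if all three TLS settings name readable files and the
# private key matches the certificate. Run it as the user Riak runs as,
# so the readability test reflects what the node can actually open.
check_riak_tls() {
    conf=$1; rc=0
    for k in ssl.certfile ssl.keyfile ssl.cacertfile; do
        p=$(conf_get "$conf" "$k")
        if [ -z "$p" ]; then echo "MISSING  $k is not set in $conf"; rc=1
        elif [ ! -r "$p" ]; then echo "UNREADABLE  $k = $p"; rc=1
        else echo "OK  $k = $p"; fi
    done
    [ "$rc" -eq 0 ] || return 1

    # Compare the public key embedded in the certificate with the one
    # derived from the private key; they must be identical.
    cert_pub=$(openssl x509 -in "$(conf_get "$conf" ssl.certfile)" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$(conf_get "$conf" ssl.keyfile)" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH  ssl.keyfile does not belong to ssl.certfile"
        return 1
    fi
    echo "OK  private key matches certificate"
}

# Usage: sh check_riak_tls.sh /etc/riak/riak.conf
if [ "$#" -gt 0 ]; then check_riak_tls "$1"; fi
```

A `MISSING  ssl.keyfile` line corresponds to the `undefined` private key argument in the `public_key:sign` crash shown in the log.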