Interop+Crypto+OpenSslCryptographicException: error:10000080:BIO routines::no such file #4186
Comments
knowitall12
changed the title
System.FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character
Interop+Crypto+OpenSslCryptographicException: error:10000080:BIO routines::no such file
Mar 7, 2024
I have tried:
Hi @knowitall12, does your certificate file contain empty lines?
Describe the bug
We are deploying the event store db on docker. It's a single node deployment on an AWS EC2 instance. We are using the certificate file generated for the EC2 instance. We are getting the following error:
[ 1, 1,09:57:30.426,FTL] Host terminated unexpectedly.
System.FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.
To Reproduce
Steps to reproduce the behavior:
sudo docker run --name esdb-node-security -it -p 2113:2113 -p 1113:1113 -v /home/eventStoreDB/eventStore/logs:/var/log/eventstore -v /home/eventStoreDB/eventStore:/var/lib/eventstore -v /etc/pki/tls/:/etc/pki/tls/ -e ASPNETCORE_Kestrel__Certificates__Default__Path="/etc/pki/tls/certs/file_name.pfx" -e ASPNETCORE_Kestrel__Certificates__Default__Password="password_masked" eventstore/eventstore:latest --run-projections=All --enable-external-tcp --enable-atom-pub-over-http --certificate-reserved-node-common-name 10.241.126.84 --trusted-root-certificates-path /etc/pki/tls/certs/ --certificate-file certificate.pem --certificate-private-key-file=/etc/pki/tls/certs/key.pem
Expected behavior
Docker container should have started.
Actual behavior
Docker container is failing.
Config/Logs/Screenshots
[ 1, 1,09:57:29.854,INF]
"ES VERSION:" "23.10.1.0" ("oss-v23.10.1"/"3ce7f59f2", "2024-01-17T12:51:15+00:00")
[ 1, 1,09:57:29.862,INF] "OS ARCHITECTURE:" X64
[ 1, 1,09:57:29.889,INF] "OS:" Linux ("Unix 5.10.209.198")
[ 1, 1,09:57:29.893,INF] "RUNTIME:" ".NET 6.0.27/80de56dad" (64-bit)
[ 1, 1,09:57:29.895,INF] "GC:" "3 GENERATIONS" "IsServerGC: False" "Latency Mode: Interactive"
[ 1, 1,09:57:29.895,INF] "LOGS:" "/var/log/eventstore"
[ 1, 1,09:57:29.959,INF]
MODIFIED OPTIONS:
CERTIFICATE OPTIONS:
CERTIFICATE RESERVED NODE COMMON NAME: 10.x.x.x (Command Line)
TRUSTED ROOT CERTIFICATES PATH: /etc/pki/tls/certs/ (Command Line)
DEFAULT OPTIONS:
APPLICATION OPTIONS:
ALLOW ANONYMOUS ENDPOINT ACCESS: False ()
ALLOW ANONYMOUS STREAM ACCESS: False ()
ALLOW UNKNOWN OPTIONS: False ()
CONFIG: /etc/eventstore/eventstore.conf ()
DISABLE HTTP CACHING: False ()
ENABLE HISTOGRAMS: False ()
HELP: False ()
INSECURE: False ()
LOG FAILED AUTHENTICATION ATTEMPTS: False ()
LOG HTTP REQUESTS: False ()
MAX APPEND SIZE: 1048576 ()
OVERRIDE ANONYMOUS ENDPOINT ACCESS FOR GOSSIP: True ()
SKIP INDEX SCAN ON READS: False ()
STATS PERIOD SEC: 30 ()
TELEMETRY OPTOUT: False ()
VERSION: False ()
WHAT IF: False ()
WORKER THREADS: 0 ()
[ 1, 1,09:57:29.964,WRN] DEPRECATED
The Legacy TCP Client Interface has been deprecated as of version 20.6.0. It is recommended to use gRPC instead.
AtomPub over HTTP Interface has been deprecated as of version 20.6.0. It is recommended to use gRPC instead
[ 1, 1,11:39:10.486,INF] Cannot find plugins path: "/usr/share/eventstore/plugins"
[ 1, 1,11:39:10.780,DBG] MessageHierarchy initialization took 00:00:00.2687165.
[ 1, 1,11:39:10.888,INF] Loading the node's certificate(s) from file: "certificate.pem"
[ 1, 1,11:39:10.978,FTL] Host terminated unexpectedly.
Interop+Crypto+OpenSslCryptographicException: error:10000080:BIO routines::no such file
at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
at EventStore.Core.CertificateUtils.LoadFromFile(String certificatePath, String privateKeyPath, String certificatePassword, String certificatePrivateKeyPassword) in /home/runner/work/TrainStation/TrainStation/build/oss-eventstore/src/EventStore.Core/Certificates/CertificateUtils.cs:line 148
at EventStore.Core.ClusterVNodeOptionsExtensions.LoadNodeCertificate(ClusterVNodeOptions options) in /home/runner/work/TrainStation/TrainStation/build/oss-eventstore/src/EventStore.Core/ClusterVNodeOptionsExtensions.cs:line 239
at EventStore.Core.Certificates.OptionsCertificateProvider.LoadCertificates(ClusterVNodeOptions options) in /home/runner/work/TrainStation/TrainStation/build/oss-eventstore/src/EventStore.Core/Certificates/OptionsCertificateProvider.cs:line 17
at EventStore.Core.ClusterVNode`1.ReloadCertificates(ClusterVNodeOptions options) in /home/runner/work/TrainStation/TrainStation/build/oss-eventstore/src/EventStore.Core/ClusterVNode.cs:line 1862
at EventStore.Core.ClusterVNode`1..ctor(ClusterVNodeOptions options, ILogFormatAbstractorFactory`1 logFormatAbstractorFactory, AuthenticationProviderFactory authenticationProviderFactory, AuthorizationProviderFactory authorizationProviderFactory, IReadOnlyList`1 additionalPersistentSubscriptionConsumerStrategyFactories, CertificateProvider certificateProvider, MetricsConfiguration metricsConfiguration, IExpiryStrategy expiryStrategy, Nullable`1 instanceId, Int32 debugIndex) in /home/runner/work/TrainStation/TrainStation/build/oss-eventstore/src/EventStore.Core/ClusterVNode.cs:line 249
at EventStore.Core.ClusterVNode.Create[TStreamId](ClusterVNodeOptions options, ILogFormatAbstractorFactory`1 logFormatAbstractorFactory, AuthenticationProviderFactory authenticationProviderFactory, AuthorizationProviderFactory authorizationProviderFactory, IReadOnlyList`1 factories, CertificateProvider certificateProvider, MetricsConfiguration metricsConfiguration, Nullable`1 instanceId, Int32 debugIndex) in /home/runner/work/TrainStation/TrainStation/build/oss-eventstore/src/EventStore.Core/ClusterVNode.cs:line 85
at EventStore.ClusterNode.ClusterVNodeHostedService..ctor(ClusterVNodeOptions options, CertificateProvider certificateProvider, MetricsConfiguration metricsConfiguration) in /home/runner/work/TrainStation/TrainStation/build/oss-eventstore/src/EventStore.ClusterNode/ClusterVNodeHostedService.cs:line 105
at EventStore.ClusterNode.Program.Main(String[] args) in /home/runner/work/TrainStation/TrainStation/build/oss-eventstore/src/EventStore.ClusterNode/Program.cs:line 171
EventStore details
EventStore server version: v23.10
Operating system: NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
SUPPORT_END="2025-06-30"
Amazon Linux release 2 (Karoo)
EventStore client library and version (if applicable):
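Both errors in this report come from loading the node certificate: a Base-64 `FormatException`, and `no such file` right after the log line `Loading the node's certificate(s) from file: "certificate.pem"`. The script below is an added example, not part of the original issue or of EventStoreDB: it resolves a `--certificate-file` value the way a process would and checks the PEM body for blank lines and non-base64 characters. The function names, status codes and sample files are hypothetical and constructed for the example.

```bash
#!/usr/bin/env bash
# Added example, not EventStoreDB code: preflight checks for a PEM file
# before its path is passed to --certificate-file.

# Resolve a path the way a process started in directory $2 would: a relative
# name is taken against the working directory, not a mounted certs directory.
resolve_cert_path() {
    case "$1" in
        /*) printf '%s\n' "$1" ;;
        *)  printf '%s/%s\n' "${2%/}" "$1" ;;
    esac
}

# Status: 0 ok, 2 missing/unreadable, 3 no PEM block found,
# 4 blank line inside a block, 5 non-base64 character inside a block.
# Deliberately strict: legacy "Proc-Type:" key headers would also report 5.
check_pem() {
    { [ -f "$1" ] && [ -r "$1" ]; } || return 2
    awk '
        { sub(/\r$/, "") }                         # tolerate CRLF endings
        /^-----BEGIN [A-Z0-9 ]+-----$/   { inside = 1; blocks++; next }
        /^-----END [A-Z0-9 ]+-----$/     { inside = 0; next }
        inside && /^[ \t]*$/             { rc = 4; exit }
        inside && $0 ~ "[^A-Za-z0-9+/=]" { rc = 5; exit }
        END { if (!rc && blocks == 0) rc = 3; exit rc + 0 }
    ' "$1"
}

# Constructed samples: placeholder base64 bodies, not real certificates.
make_samples() {
    b='-----BEGIN CERTIFICATE-----'; e='-----END CERTIFICATE-----'
    printf '%s\n' "$b" 'TUlJQ2V4YW1wbGU=' "$e"          > "$1/good.pem"
    printf '%s\n' "$b" 'TUlJQ2V4' '' 'YW1wbGU=' "$e"    > "$1/blank.pem"
    printf '%s\n' "$b" 'TUlJQ2V4*YW1wbGU=' "$e"         > "$1/bad.pem"
}

tmp=$(mktemp -d)            # stands in for the process working directory
make_samples "$tmp"
for f in good.pem blank.pem bad.pem certificate.pem; do
    p=$(resolve_cert_path "$f" "$tmp")
    rc=0; check_pem "$p" || rc=$?
    printf '%-16s resolved to %s, status %d\n' "$f" "$p" "$rc"
done
rm -rf "$tmp"
```

Run the checks with the same working directory and mounts the node process sees; otherwise the resolved path says nothing about what the node will open.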