[stork-users] Cannot import private key in stork

Mik J mikydevel at yahoo.fr
Mon Nov 18 22:14:29 UTC 2024


Hello,

Following my previous message I broke stork server.

i) I use this command
 ./stork-tool cert-import  -f srvcert -i file1.crt
Is there a command to remove the certificates ? (cacert, srvkey, srvcert)

ii) I did a manual delete in the secret table but I think there were entries already existing ? What are they used for ?

iii) According to this page
https://kb.isc.org/docs/importing-external-certificates-to-stork
It's written
$ stork-tool cert-import -f cakey -i ca.key
And I don't understand it because I'm not supposed to have the ca.key.

Let's say I generate a private key for my server private.key and create my certificate request.
I send it to Verisign for example, and they send me back cert.crt

What I should import into stork would be private.key, cert.crt and verisign.crt (the CA certificate)
But I don't understand how it is possible to import the private key of Verisign.

iv) First, I wanted to implement a certificate to connect to stork through https and not http.
There should be two roles for certificates and TLS connections:
- Provide https for the stork user
- provide https / tls encryption for communication between the server and the agent.
I'm a bit confused here.
I expect a set of certificate/private key/CA for the https connection from a stork user AND ANOTHER set of certificate/private key/CA for the communication between the server and the agent.

Are there two sets of certificates ?

When I do these commands
$ stork-tool cert-import -f cakey -i ca.key
$ stork-tool cert-import -f cacert -i ca.crt
$ stork-tool cert-import -f srvkey -i server.key
$ stork-tool cert-import -f srvcert -i server.crt
Is it for the HTTPS connection or the server/client connection ?

Thank you


On Monday, 18 November 2024 at 21:58:10 UTC+1, Mik J <mikydevel at yahoo.fr> wrote:





Hello,

I try to import my private key but I have an error message

# ./stork-tool cert-import --db-host=/tmp -u storkuser -d storkdatabase -f srvkey -i stork.key
INFO[2024-11-18 21:50:26]       connection.go:90    Checking connection to database
INFO[2024-11-18 21:50:26]       connection.go:155   Connected to database /tmp/.s.PGSQL.5432
INFO[2024-11-18 21:50:26]            certs.go:372   server key loaded from stork.key file, length 3243
FATA[2024-11-18 21:50:26]             main.go:689   problem parsing the server key: parsing private key: x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)

My key is 4096 bits long

I also tested it with a test key of 2048 and I have the same message
INFO[2024-11-18 21:54:45]       connection.go:90    Checking connection to database
INFO[2024-11-18 21:54:45]       connection.go:155   Connected to database /tmp/.s.PGSQL.5432
INFO[2024-11-18 21:54:45]            certs.go:372   server key loaded from stork.key file, length 1679
FATA[2024-11-18 21:54:45]             main.go:689   problem parsing the server key: parsing private key: x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)


My test key looks like this (not confidential, just for test purposes)
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----




