Failed to decode server's CA:

arpita · June 16, 2023, 7:48am

Hi,
I have the below script and the client and server are residing in different keystores.
Server is residing in truststore and client is residing in keystore file.
Below is the script

/*
 * This script shows how to load certificates and keys from
 * a JKS keystore, so that they can be used in a configuring TLS.
 * This is just a showcase, and not a complete script.
 * The keystore MUST be created with JKS storetype.
 *
 * ⚠️ The PKCS#12 format is not supported.
 */

import { LoadJKS, TLS_1_2 } from "k6/x/kafka";

// If server and client keystore are separate, then you must
// call LoadJKS twice, once for each keystore.
// This will load the certificates and keys from the keystore
// and write them to the disk, so that they can be used in
// the TLS configuration.



const jks = LoadJKS({
  path: "/Users/arpita.sood/Documents/Maersk_code/xk6-kafka/fixtures/keystore.jks",
  password: "password",
  clientCertAlias: "localhost",
  clientKeyAlias: "localhost",
  clientKeyPassword: "password",
});

 jks = LoadJKS({
  path: "/Users/arpita.sood/Documents/Maersk_code/xk6-kafka/fixtures/truststore.jks",
  password: "password",
  serverCaAlias: "caroot",
});

const tlsConfig = {
  enableTls: true,
  insecureSkipTlsVerify: false,
  minVersion: TLS_1_2,

  // The certificates and keys can be loaded from a JKS keystore:
  // clientCertsPem is an array of PEM-encoded certificates, and the filenames
  // will be named "client-cert-0.pem", "client-cert-1.pem", etc.
  // clientKeyPem is the PEM-encoded private key and the filename will be
  // named "client-key.pem".
  // serverCaPem is the PEM-encoded CA certificate and the filename will be
  // named "server-ca.pem".
  clientCertPem: jks["clientCertsPem"][0], // The first certificate in the chain
 clientKeyPem: jks["clientKeyPem"],
  serverCaPem: jks["serverCaPem"],
};

export default function () {
  console.log(Object.keys(jks));
  console.log(jks);
  console.log(tlsConfig);
}

But i get the below error

ERRO[0000] GoError: Failed to decode server's CA: /Users/arpita.sood/Documents/Maersk_code/xk6-kafka/fixtures/kafka-keystore.jks, OriginalError: %!w(*errors.errorString=&{entry not found})
        at github.com/mostafa/xk6-kafka.(*Kafka).loadJKSFunction-fm (native)
        at file:///Users/arpita.sood/Documents/Maersk_code/xk6-kafka/scripts/test_tls_with_jks.js:20:20(31)  hint="script exception"

arpita · June 16, 2023, 7:57am

@inanc can you please help here.

arpita · June 16, 2023, 7:58am

@eyeveebe can you please help here?
Thanks

arpita · June 16, 2023, 9:25am

@olha can you please help here?
Thanks

eyeveebee · June 16, 2023, 9:57am

Hi @arpita

Welcome to the community forum

I kindly ask you to avoid pinging several users in the forum. When you create a topic community users will help out if they can/know how to, and when they have the time. You have to be patient. Thanks for understanding

Cheers!

mostafa · June 20, 2023, 8:54am

@arpita

I answered your question on the GH issue.

Topic		Replies	Views
Xk6 kafka query Extensions	1	205	May 10, 2023
Error while posting message on kafka topic using xk6 extension Extensions	5	366	March 24, 2023
Kafka logging with certificates from Vault PKI Grafana k6	14	674	June 21, 2022
Need to load certificate in K6 Converters & Integrations	20	1040	July 14, 2022
For tlsAuth, we don't have any key pem file with RSA Private key. We have only client authorised certificate. How to bypass the key parameter for tlsAuth? OSS Support	1	223	April 18, 2023

Failed to decode server's CA:

Related topics