无法通过 google 客户端库创建 google CA 证书

Can't create google CA certificate via google client library

出现错误error parsing CSR: ToCertificateRequest: nil DER when decoding PEM

使用 gcp 控制台时相同的 CSR 有效

3 INVALID_ARGUMENT: error parsing CSR: generic:
:invalid_argument: error parsing CSR: ToCertificateRequest: nil DER when decoding PEM: 
-----BEGIN CERTIFICATE REQUEST-----\n      
MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx\n      
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN\n      
AQEBBQADggEPADCCAQoCggEBALkC6uLhfZbLJRWByF4McIxcrCVV+AaCjLhj9qjk\n      
OdmW4zYcIaRgjSnz6tqEd7IF7ne6VS/Q6gzYp9MDjIiX8aauteOBD55YprE9tnI9\n      
6K6TQv4qwyP+t8ktN34qmrLhxXSdH5zPaUGRR6wPvMkttgF5yxgLnUshyQuMbleK\n      
P7ycwiJ/z9gvyPbqvThPo0dbt8fVcpzzR6ChfPKYoiRsdTqCHVfN3B8ZG3vh99rl\n      
Q5fTBbLEXD/OKoMjvXw/ZLC3FpwmLMdkFj5LbVEsQHuc8/YNH4wm/VsTNQ7ytQMo\n      
lc2rskmS941Tc8f5eaYA1IF3cmukQyUm5+eI7ziucb2UDPcCAwEAAaAAMA0GCSqG\n      
SIb3DQEBCwUAA4IBAQBpkSmxo8dCEuBbYIuzpV7aAHyF+xX9pxPNrzLBvK5fgUpy\n      
tu2ym8iSiIcxAqfrCJ9AETtZ+GkYEfxH+zngCDXKkPpi8ggDOllYO7pSKQTJJQXz\n      
s/lueYGNFe5UCJdUCv9OBei+pH64ypp2f64ldRdZzJcmZuH0Fuc1MxCGvhOSIlKG\n      
PDaMKOwL4VVvbBeRyoaag8MgZZgBaVKIQsN6vNVmluKUoFkf0L5vtuaICpxU3tPK\n      
v4kJaOQR3eGWiNmn7X+jaDptlEaER9WDxDscjEabqKJdqZtKWkXo7FASWoLTOmun\n      
KsSyBpVO3AAmurlrzZA/lFb229dkV59zeLmruz4g\n      
-----END CERTIFICATE REQUEST-----

环境详情

重现步骤

  1. 使用 openssl 生成一个 csr openssl req -newkey rsa:2048 -keyout PRIVATEKEY.key -out MYCSR.csr
  2. cat MYCSR.csr
  3. 在 createCertificate 请求中发送该 csr:
  return await client.createCertificate({
    parent: '/path/to/pool',
    certificate: {
      name: 'my cert',
      lifetime: {
        seconds: 31536000, // 1 year
      },
      pemCsr: `-----BEGIN CERTIFICATE REQUEST-----
      MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
      ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
      AQEBBQADggEPADCCAQoCggEBALkC6uLhfZbLJRWByF4McIxcrCVV+AaCjLhj9qjk
      OdmW4zYcIaRgjSnz6tqEd7IF7ne6VS/Q6gzYp9MDjIiX8aauteOBD55YprE9tnI9
      6K6TQv4qwyP+t8ktN34qmrLhxXSdH5zPaUGRR6wPvMkttgF5yxgLnUshyQuMbleK
      P7ycwiJ/z9gvyPbqvThPo0dbt8fVcpzzR6ChfPKYoiRsdTqCHVfN3B8ZG3vh99rl
      Q5fTBbLEXD/OKoMjvXw/ZLC3FpwmLMdkFj5LbVEsQHuc8/YNH4wm/VsTNQ7ytQMo
      lc2rskmS941Tc8f5eaYA1IF3cmukQyUm5+eI7ziucb2UDPcCAwEAAaAAMA0GCSqG
      SIb3DQEBCwUAA4IBAQBpkSmxo8dCEuBbYIuzpV7aAHyF+xX9pxPNrzLBvK5fgUpy
      tu2ym8iSiIcxAqfrCJ9AETtZ+GkYEfxH+zngCDXKkPpi8ggDOllYO7pSKQTJJQXz
      s/lueYGNFe5UCJdUCv9OBei+pH64ypp2f64ldRdZzJcmZuH0Fuc1MxCGvhOSIlKG
      PDaMKOwL4VVvbBeRyoaag8MgZZgBaVKIQsN6vNVmluKUoFkf0L5vtuaICpxU3tPK
      v4kJaOQR3eGWiNmn7X+jaDptlEaER9WDxDscjEabqKJdqZtKWkXo7FASWoLTOmun
      KsSyBpVO3AAmurlrzZA/lFb229dkV59zeLmruz4g
      -----END CERTIFICATE REQUEST-----`,
    },
  });

是格式问题,已通过连接行修复

        '-----BEGIN CERTIFICATE REQUEST-----\n' +
        'MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx\n' +
        'ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN\n' +
        'AQEBBQADggEPADCCAQoCggEBALkC6uLhfZbLJRWByF4McIxcrCVV+AaCjLhj9qjk\n' +
        'OdmW4zYcIaRgjSnz6tqEd7IF7ne6VS/Q6gzYp9MDjIiX8aauteOBD55YprE9tnI9\n' +
        '6K6TQv4qwyP+t8ktN34qmrLhxXSdH5zPaUGRR6wPvMkttgF5yxgLnUshyQuMbleK\n' +
        'P7ycwiJ/z9gvyPbqvThPo0dbt8fVcpzzR6ChfPKYoiRsdTqCHVfN3B8ZG3vh99rl\n' +
        'Q5fTBbLEXD/OKoMjvXw/ZLC3FpwmLMdkFj5LbVEsQHuc8/YNH4wm/VsTNQ7ytQMo\n' +
        'lc2rskmS941Tc8f5eaYA1IF3cmukQyUm5+eI7ziucb2UDPcCAwEAAaAAMA0GCSqG\n' +
        'SIb3DQEBCwUAA4IBAQBpkSmxo8dCEuBbYIuzpV7aAHyF+xX9pxPNrzLBvK5fgUpy\n' +
        'tu2ym8iSiIcxAqfrCJ9AETtZ+GkYEfxH+zngCDXKkPpi8ggDOllYO7pSKQTJJQXz\n' +
        's/lueYGNFe5UCJdUCv9OBei+pH64ypp2f64ldRdZzJcmZuH0Fuc1MxCGvhOSIlKG\n' +
        'PDaMKOwL4VVvbBeRyoaag8MgZZgBaVKIQsN6vNVmluKUoFkf0L5vtuaICpxU3tPK\n' +
        'v4kJaOQR3eGWiNmn7X+jaDptlEaER9WDxDscjEabqKJdqZtKWkXo7FASWoLTOmun\n' +
        'KsSyBpVO3AAmurlrzZA/lFb229dkV59zeLmruz4g\n' +
        '-----END CERTIFICATE REQUEST-----',