无法通过 google 客户端库创建 google CA 证书
Can't create google CA certificate via google client library
出现错误error parsing CSR: ToCertificateRequest: nil DER when decoding PEM
使用 gcp 控制台时相同的 CSR 有效
3 INVALID_ARGUMENT: error parsing CSR: generic:
:invalid_argument: error parsing CSR: ToCertificateRequest: nil DER when decoding PEM:
-----BEGIN CERTIFICATE REQUEST-----\n
MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx\n
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN\n
AQEBBQADggEPADCCAQoCggEBALkC6uLhfZbLJRWByF4McIxcrCVV+AaCjLhj9qjk\n
OdmW4zYcIaRgjSnz6tqEd7IF7ne6VS/Q6gzYp9MDjIiX8aauteOBD55YprE9tnI9\n
6K6TQv4qwyP+t8ktN34qmrLhxXSdH5zPaUGRR6wPvMkttgF5yxgLnUshyQuMbleK\n
P7ycwiJ/z9gvyPbqvThPo0dbt8fVcpzzR6ChfPKYoiRsdTqCHVfN3B8ZG3vh99rl\n
Q5fTBbLEXD/OKoMjvXw/ZLC3FpwmLMdkFj5LbVEsQHuc8/YNH4wm/VsTNQ7ytQMo\n
lc2rskmS941Tc8f5eaYA1IF3cmukQyUm5+eI7ziucb2UDPcCAwEAAaAAMA0GCSqG\n
SIb3DQEBCwUAA4IBAQBpkSmxo8dCEuBbYIuzpV7aAHyF+xX9pxPNrzLBvK5fgUpy\n
tu2ym8iSiIcxAqfrCJ9AETtZ+GkYEfxH+zngCDXKkPpi8ggDOllYO7pSKQTJJQXz\n
s/lueYGNFe5UCJdUCv9OBei+pH64ypp2f64ldRdZzJcmZuH0Fuc1MxCGvhOSIlKG\n
PDaMKOwL4VVvbBeRyoaag8MgZZgBaVKIQsN6vNVmluKUoFkf0L5vtuaICpxU3tPK\n
v4kJaOQR3eGWiNmn7X+jaDptlEaER9WDxDscjEabqKJdqZtKWkXo7FASWoLTOmun\n
KsSyBpVO3AAmurlrzZA/lFb229dkV59zeLmruz4g\n
-----END CERTIFICATE REQUEST-----
环境详情
- OS:
- Node.js版本:14.19.0
@google-cloud/security-private-ca版本:3.1.0
重现步骤
- 使用 openssl 生成一个 csr
openssl req -newkey rsa:2048 -keyout PRIVATEKEY.key -out MYCSR.csr
cat MYCSR.csr- 在 createCertificate 请求中发送该 csr:
return await client.createCertificate({
parent: '/path/to/pool',
certificate: {
name: 'my cert',
lifetime: {
seconds: 31536000, // 1 year
},
pemCsr: `-----BEGIN CERTIFICATE REQUEST-----
MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALkC6uLhfZbLJRWByF4McIxcrCVV+AaCjLhj9qjk
OdmW4zYcIaRgjSnz6tqEd7IF7ne6VS/Q6gzYp9MDjIiX8aauteOBD55YprE9tnI9
6K6TQv4qwyP+t8ktN34qmrLhxXSdH5zPaUGRR6wPvMkttgF5yxgLnUshyQuMbleK
P7ycwiJ/z9gvyPbqvThPo0dbt8fVcpzzR6ChfPKYoiRsdTqCHVfN3B8ZG3vh99rl
Q5fTBbLEXD/OKoMjvXw/ZLC3FpwmLMdkFj5LbVEsQHuc8/YNH4wm/VsTNQ7ytQMo
lc2rskmS941Tc8f5eaYA1IF3cmukQyUm5+eI7ziucb2UDPcCAwEAAaAAMA0GCSqG
SIb3DQEBCwUAA4IBAQBpkSmxo8dCEuBbYIuzpV7aAHyF+xX9pxPNrzLBvK5fgUpy
tu2ym8iSiIcxAqfrCJ9AETtZ+GkYEfxH+zngCDXKkPpi8ggDOllYO7pSKQTJJQXz
s/lueYGNFe5UCJdUCv9OBei+pH64ypp2f64ldRdZzJcmZuH0Fuc1MxCGvhOSIlKG
PDaMKOwL4VVvbBeRyoaag8MgZZgBaVKIQsN6vNVmluKUoFkf0L5vtuaICpxU3tPK
v4kJaOQR3eGWiNmn7X+jaDptlEaER9WDxDscjEabqKJdqZtKWkXo7FASWoLTOmun
KsSyBpVO3AAmurlrzZA/lFb229dkV59zeLmruz4g
-----END CERTIFICATE REQUEST-----`,
},
});
是格式问题,已通过连接行修复
'-----BEGIN CERTIFICATE REQUEST-----\n' +
'MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx\n' +
'ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN\n' +
'AQEBBQADggEPADCCAQoCggEBALkC6uLhfZbLJRWByF4McIxcrCVV+AaCjLhj9qjk\n' +
'OdmW4zYcIaRgjSnz6tqEd7IF7ne6VS/Q6gzYp9MDjIiX8aauteOBD55YprE9tnI9\n' +
'6K6TQv4qwyP+t8ktN34qmrLhxXSdH5zPaUGRR6wPvMkttgF5yxgLnUshyQuMbleK\n' +
'P7ycwiJ/z9gvyPbqvThPo0dbt8fVcpzzR6ChfPKYoiRsdTqCHVfN3B8ZG3vh99rl\n' +
'Q5fTBbLEXD/OKoMjvXw/ZLC3FpwmLMdkFj5LbVEsQHuc8/YNH4wm/VsTNQ7ytQMo\n' +
'lc2rskmS941Tc8f5eaYA1IF3cmukQyUm5+eI7ziucb2UDPcCAwEAAaAAMA0GCSqG\n' +
'SIb3DQEBCwUAA4IBAQBpkSmxo8dCEuBbYIuzpV7aAHyF+xX9pxPNrzLBvK5fgUpy\n' +
'tu2ym8iSiIcxAqfrCJ9AETtZ+GkYEfxH+zngCDXKkPpi8ggDOllYO7pSKQTJJQXz\n' +
's/lueYGNFe5UCJdUCv9OBei+pH64ypp2f64ldRdZzJcmZuH0Fuc1MxCGvhOSIlKG\n' +
'PDaMKOwL4VVvbBeRyoaag8MgZZgBaVKIQsN6vNVmluKUoFkf0L5vtuaICpxU3tPK\n' +
'v4kJaOQR3eGWiNmn7X+jaDptlEaER9WDxDscjEabqKJdqZtKWkXo7FASWoLTOmun\n' +
'KsSyBpVO3AAmurlrzZA/lFb229dkV59zeLmruz4g\n' +
'-----END CERTIFICATE REQUEST-----',
出现错误error parsing CSR: ToCertificateRequest: nil DER when decoding PEM
使用 gcp 控制台时相同的 CSR 有效
3 INVALID_ARGUMENT: error parsing CSR: generic:
:invalid_argument: error parsing CSR: ToCertificateRequest: nil DER when decoding PEM:
-----BEGIN CERTIFICATE REQUEST-----\n
MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx\n
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN\n
AQEBBQADggEPADCCAQoCggEBALkC6uLhfZbLJRWByF4McIxcrCVV+AaCjLhj9qjk\n
OdmW4zYcIaRgjSnz6tqEd7IF7ne6VS/Q6gzYp9MDjIiX8aauteOBD55YprE9tnI9\n
6K6TQv4qwyP+t8ktN34qmrLhxXSdH5zPaUGRR6wPvMkttgF5yxgLnUshyQuMbleK\n
P7ycwiJ/z9gvyPbqvThPo0dbt8fVcpzzR6ChfPKYoiRsdTqCHVfN3B8ZG3vh99rl\n
Q5fTBbLEXD/OKoMjvXw/ZLC3FpwmLMdkFj5LbVEsQHuc8/YNH4wm/VsTNQ7ytQMo\n
lc2rskmS941Tc8f5eaYA1IF3cmukQyUm5+eI7ziucb2UDPcCAwEAAaAAMA0GCSqG\n
SIb3DQEBCwUAA4IBAQBpkSmxo8dCEuBbYIuzpV7aAHyF+xX9pxPNrzLBvK5fgUpy\n
tu2ym8iSiIcxAqfrCJ9AETtZ+GkYEfxH+zngCDXKkPpi8ggDOllYO7pSKQTJJQXz\n
s/lueYGNFe5UCJdUCv9OBei+pH64ypp2f64ldRdZzJcmZuH0Fuc1MxCGvhOSIlKG\n
PDaMKOwL4VVvbBeRyoaag8MgZZgBaVKIQsN6vNVmluKUoFkf0L5vtuaICpxU3tPK\n
v4kJaOQR3eGWiNmn7X+jaDptlEaER9WDxDscjEabqKJdqZtKWkXo7FASWoLTOmun\n
KsSyBpVO3AAmurlrzZA/lFb229dkV59zeLmruz4g\n
-----END CERTIFICATE REQUEST-----
环境详情
- OS:
- Node.js版本:14.19.0
@google-cloud/security-private-ca版本:3.1.0
重现步骤
- 使用 openssl 生成一个 csr
openssl req -newkey rsa:2048 -keyout PRIVATEKEY.key -out MYCSR.csr cat MYCSR.csr- 在 createCertificate 请求中发送该 csr:
return await client.createCertificate({
parent: '/path/to/pool',
certificate: {
name: 'my cert',
lifetime: {
seconds: 31536000, // 1 year
},
pemCsr: `-----BEGIN CERTIFICATE REQUEST-----
MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALkC6uLhfZbLJRWByF4McIxcrCVV+AaCjLhj9qjk
OdmW4zYcIaRgjSnz6tqEd7IF7ne6VS/Q6gzYp9MDjIiX8aauteOBD55YprE9tnI9
6K6TQv4qwyP+t8ktN34qmrLhxXSdH5zPaUGRR6wPvMkttgF5yxgLnUshyQuMbleK
P7ycwiJ/z9gvyPbqvThPo0dbt8fVcpzzR6ChfPKYoiRsdTqCHVfN3B8ZG3vh99rl
Q5fTBbLEXD/OKoMjvXw/ZLC3FpwmLMdkFj5LbVEsQHuc8/YNH4wm/VsTNQ7ytQMo
lc2rskmS941Tc8f5eaYA1IF3cmukQyUm5+eI7ziucb2UDPcCAwEAAaAAMA0GCSqG
SIb3DQEBCwUAA4IBAQBpkSmxo8dCEuBbYIuzpV7aAHyF+xX9pxPNrzLBvK5fgUpy
tu2ym8iSiIcxAqfrCJ9AETtZ+GkYEfxH+zngCDXKkPpi8ggDOllYO7pSKQTJJQXz
s/lueYGNFe5UCJdUCv9OBei+pH64ypp2f64ldRdZzJcmZuH0Fuc1MxCGvhOSIlKG
PDaMKOwL4VVvbBeRyoaag8MgZZgBaVKIQsN6vNVmluKUoFkf0L5vtuaICpxU3tPK
v4kJaOQR3eGWiNmn7X+jaDptlEaER9WDxDscjEabqKJdqZtKWkXo7FASWoLTOmun
KsSyBpVO3AAmurlrzZA/lFb229dkV59zeLmruz4g
-----END CERTIFICATE REQUEST-----`,
},
});
是格式问题,已通过连接行修复
'-----BEGIN CERTIFICATE REQUEST-----\n' +
'MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx\n' +
'ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN\n' +
'AQEBBQADggEPADCCAQoCggEBALkC6uLhfZbLJRWByF4McIxcrCVV+AaCjLhj9qjk\n' +
'OdmW4zYcIaRgjSnz6tqEd7IF7ne6VS/Q6gzYp9MDjIiX8aauteOBD55YprE9tnI9\n' +
'6K6TQv4qwyP+t8ktN34qmrLhxXSdH5zPaUGRR6wPvMkttgF5yxgLnUshyQuMbleK\n' +
'P7ycwiJ/z9gvyPbqvThPo0dbt8fVcpzzR6ChfPKYoiRsdTqCHVfN3B8ZG3vh99rl\n' +
'Q5fTBbLEXD/OKoMjvXw/ZLC3FpwmLMdkFj5LbVEsQHuc8/YNH4wm/VsTNQ7ytQMo\n' +
'lc2rskmS941Tc8f5eaYA1IF3cmukQyUm5+eI7ziucb2UDPcCAwEAAaAAMA0GCSqG\n' +
'SIb3DQEBCwUAA4IBAQBpkSmxo8dCEuBbYIuzpV7aAHyF+xX9pxPNrzLBvK5fgUpy\n' +
'tu2ym8iSiIcxAqfrCJ9AETtZ+GkYEfxH+zngCDXKkPpi8ggDOllYO7pSKQTJJQXz\n' +
's/lueYGNFe5UCJdUCv9OBei+pH64ypp2f64ldRdZzJcmZuH0Fuc1MxCGvhOSIlKG\n' +
'PDaMKOwL4VVvbBeRyoaag8MgZZgBaVKIQsN6vNVmluKUoFkf0L5vtuaICpxU3tPK\n' +
'v4kJaOQR3eGWiNmn7X+jaDptlEaER9WDxDscjEabqKJdqZtKWkXo7FASWoLTOmun\n' +
'KsSyBpVO3AAmurlrzZA/lFb229dkV59zeLmruz4g\n' +
'-----END CERTIFICATE REQUEST-----',