-
Notifications
You must be signed in to change notification settings - Fork 9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[bitnami/zookeeper] Got error "the trustAnchors parameter must be non-empty" when using PKCS12 truststore for zookeeper tls communication #6182
Comments
Hi @shenqinb-star , The error message You could check if the above is the cause of the issue by opening a bash session inside your pod and running: # Check password and content are correct
keytool -list -storetype PKCS12 -keystore /opt/bitnami/zookeeper/certs/zookeeper-truststore.p12 -storepass <your_password>
# Check ownership and permissions
ls -la /opt/bitnami/zookeeper/certs/zookeeper-truststore.p12 I tried to reproduce your issue, but I was able to run Zookeeper using PKCS12 truststore and keystore. |
@migruiz4 Thanks for your replay, below are my test results, pleas help to see if there is any problems:
|
Hi, Your truststore is using a symlink, to discard the permissions issue, could you please check the permissions of the file under Additionally, could you please ensure your truststore password is configured correctly inside the zookeeper configuration?
I'd like to ensure the container configured it without issues and it matches your truststore password. |
@migruiz4, below are my test results:
|
Maybe you could try adding extraEnvVars:
- name: JVMFLAGS
value: "-Djavax.net.debug=all" The output is a bit noisy but may help us find the root cause of the issue. In my case, it shows the following after reading the PKCS12 truststore:
|
@migruiz4 I enabled
|
can you share the p12 keystore and truststore which works on your side, I can have tested in my side. |
Hi @shenqinb-star, I tried two approaches, creating PEM certs and then inserting them into the keystore:
The other approach is the one described in the Zookeeper documentation (https://zookeeper.apache.org/doc/r3.5.8/zookeeperAdmin.html) but adding
|
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback. |
Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary. |
Which chart:
Chart Version: 6.2.0
Zookeeper Version: 3.6.2
Describe the bug
Got error "the trustAnchors parameter must be non-empty" when using PKCS12 truststore for zookeeper tls communication.
To Reproduce
Steps to reproduce the behavior:
The text was updated successfully, but these errors were encountered: