Grpc Java客户端的SSL连接

Question

我试图通过GRPC将Java客户端连接到非Java服务器。当不使用SSL时，我能够连接到服务器。当我尝试使用SSL上下文(使用提供的pem文件)创建ManagedChannel时，我会得到下面的异常(相同的pem文件适用于NodeJS客户端)。

ManagedChannel channel = NettyChannelBuilder.forAddress("localhost", 10010)
    .sslContext(GrpcSslContexts.forClient().trustManager(new File("./test/myprivkey.pem")).build())
    .build();

来自调用的trustManager异常：

Exception in thread "main" java.lang.IllegalArgumentException: File does not contain valid certificates: /Users/continue/IdeaProjects/git/test/build/resources/main/keys/myprivkey.pem
    at io.netty.handler.ssl.SslContextBuilder.trustManager(SslContextBuilder.java:162)
    at com.test.io.grpc.test.client.Connection.getSslContext(Connection.java:65)
    at com.test.io.grpc.test.client.Connection.getSecure(Connection.java:41)
    at com.test.io.grpc.mgcs.client.TestClient.<init>(TestClient.java:36)
    at com.test.io.grpc.test.client.TestClient.main(TestClient.java:89)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)
Caused by: java.security.cert.CertificateException: found no certificates in input stream
    at io.netty.handler.ssl.PemReader.readCertificates(PemReader.java:98)
    at io.netty.handler.ssl.PemReader.readCertificates(PemReader.java:64)
    at io.netty.handler.ssl.SslContext.toX509Certificates(SslContext.java:999)
    at io.netty.handler.ssl.SslContextBuilder.trustManager(SslContextBuilder.java:160)

build.gradle相关章节

compile 'io.netty:netty-tcnative-boringssl-static:1.1.33.Fork26'

有什么想法会导致这个问题，或者如何进一步解决这个问题？

Answer 1

我将错误的文件读取为生成SslContext的证书文件。将不正确的输入替换为正确的证书文件修复了问题。

Answer 2

如果您的证书来自DNSSimple，我发现我需要做openssl pkcs8 -topk8 -nocrypt -in original.key -out new_key.key.pcks8来转换密钥的格式。:(