When configuring TLS, input stream does not contain valid private key appears

[chris-joys]

我在生成证书文件并进行配置后出现了以下错误：
java.lang.IllegalArgumentException: Input stream does not contain valid private key.

证书生成过程参考的以下文档：
https://segmentfault.com/a/1190000010040134%E8%87%AA%E7%AD%BE%E8%AF%81%E4%B9%A6%E3%80%82

证书在服务器中的配置如下：
tls.test.mode.enable=true
tls.server.need.client.auth=require
tls.server.keyPath=/app/rocketmq/sslfiles/pkcs8_server.key
tls.server.keyPassword=1234
tls.server.certPath=/app/rocketmq/sslfiles/server.crt
tls.server.authClient=true
tls.server.trustCertPath=/app/rocketmq/sslfiles/ca.crt
tls.client.keyPath=/app/rocketmq/sslfiles/pkcs8_client.key
tls.client.keyPassword=1234
tls.client.certPath=/app/rocketmq/sslfiles/client.crt
tls.client.authServer=true
tls.client.trustCertPath=/app/rocketmq/sslfiles/ca.crt

在客户端配置如下：
tls.client.keyPath=C:\tools\tempData\rocketMQTLS\pkcs8_client.key
tls.client.keyPassword=1234
tls.client.certPath=C:\tools\tempData\rocketMQTLS\client.crt
tls.client.authServer=true
tls.client.trustCertPath=C:\tools\tempData\rocketMQTLS\ca.crt

客户端连接服务器出现的错误如下：
Exception in thread "main" java.lang.IllegalArgumentException: Input stream does not contain valid private key.
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:293)
at org.apache.rocketmq.remoting.netty.TlsHelper.buildSslContext(TlsHelper.java:126)
at org.apache.rocketmq.remoting.netty.NettyRemotingClient.(NettyRemotingClient.java:133)
at org.apache.rocketmq.client.impl.MQClientAPIImpl.(MQClientAPIImpl.java:188)
at org.apache.rocketmq.client.impl.factory.MQClientInstance.(MQClientInstance.java:133)
at org.apache.rocketmq.client.impl.MQClientManager.getOrCreateMQClientInstance(MQClientManager.java:52)
at org.apache.rocketmq.client.impl.producer.DefaultMQProducerImpl.start(DefaultMQProducerImpl.java:202)
at org.apache.rocketmq.client.impl.producer.DefaultMQProducerImpl.start(DefaultMQProducerImpl.java:188)
at org.apache.rocketmq.client.producer.DefaultMQProducer.start(DefaultMQProducer.java:277)
at ext.saicgmac.basic.AclProducer.main(AclProducer.java:18)
Caused by: java.io.IOException: overrun, bytes = 613
at javax.crypto.EncryptedPrivateKeyInfo.(EncryptedPrivateKeyInfo.java:92)
at io.netty.handler.ssl.SslContext.generateKeySpec(SslContext.java:978)
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1034)
at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1024)
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:291)
... 9 more

请问是否对证书的生成有什么要求，或者是我的配置有什么问题？有什么文档可以参考么？

[github-actions]

This issue is stale because it has been open for 365 days with no activity. It will be closed in 3 days if no further activity occurs.

[github-actions]

This issue was closed because it has been inactive for 3 days since being marked as stale.

[zhenliemao]

https://blog.csdn.net/CrazyJavaWu/article/details/120692079
可以参考这个，可能证书的格式不匹配