Consul-Template error failed to parse key PEM data
246 views
Skip to first unread message
Wesley Staples
Dec 11, 2015, 8:17:46 PM12/11/15
to Consul
I'm attempting to use consul-template to read from vault however I'm receiving this error:
Consul Template returned errors: runner: crypto/tls: failed to parse key PEM data
my config file looks like this:
vault {
address = "https://address:8200"
token = "token here" // May also be specified via the envvar VAULT_TOKEN
renew = true
ssl {
enabled = true
verify = true
cert = "/etc/consul.d/ssl/consul.cert"
ca_cert = "/etc/consul.d/ssl/ca.cert"
}
}
I am able to do a curl request with those certificates so I know they are valid. Does consul-template need the certs key file? if so how do I add it?
Consul Template returned errors: runner: crypto/tls: failed to parse key PEM data
my config file looks like this:
vault {
address = "https://address:8200"
token = "token here" // May also be specified via the envvar VAULT_TOKEN
renew = true
ssl {
enabled = true
verify = true
cert = "/etc/consul.d/ssl/consul.cert"
ca_cert = "/etc/consul.d/ssl/ca.cert"
}
}
I am able to do a curl request with those certificates so I know they are valid. Does consul-template need the certs key file? if so how do I add it?
Jeff Mitchell
Jan 8, 2016, 8:51:24 PM1/8/16
to consu...@googlegroups.com
Hi Wesley,
It's hard to say what the exact problem is without asking you to
reveal your cert/key file, but it seems like you're providing
certificates (and specifically the associated key) in a way that C-T
doesn't understand. It seems to be trying to read it as PEM, but
perhaps they are in e.g. DER format. You may want to validate that the
cert/key are properly formatted as concatenated PEM blocks.
--Jeff
> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/consul/issues
> IRC: #consul on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Consul" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to consul-tool...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/consul-tool/df10ced9-dd0b-4050-85c6-1ad4d2035cea%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
It's hard to say what the exact problem is without asking you to
reveal your cert/key file, but it seems like you're providing
certificates (and specifically the associated key) in a way that C-T
doesn't understand. It seems to be trying to read it as PEM, but
perhaps they are in e.g. DER format. You may want to validate that the
cert/key are properly formatted as concatenated PEM blocks.
--Jeff
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/consul/issues
> IRC: #consul on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Consul" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to consul-tool...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/consul-tool/df10ced9-dd0b-4050-85c6-1ad4d2035cea%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages