JWT validation failed: KEY_RETRIEVAL_ERROR

305 views
Skip to first unread message

wei...@joyfun.com

unread,
Jan 17, 2018, 5:25:52 AM1/17/18
to Google Cloud Endpoints
I'm trying to make ESP support my custom authentication but got stuck. Does anyone has a clue how to fix this: 
This is from the error log of nginx
E0117 10:13:48.283261493 36 auth_jwt_validator.cc:539] Unable to parse x509 cert for key (-----BEGIN PUBLIC KEY-----MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxUGfVyLPHCuPnuApR6hL/l31nuB2MjRYXZ0FLBRqEwql5fWVNAr4W8ONtCXLk4q458/IIcJUyfIKEjZac/DKQ8Qq1FKAyt60njjhIAu6b6ZEyeHSSUhV9Y9pjx+QXe0pICyviJCPXTyFTRnolnpavmVdgj7Gv5m6R5Lx12itM0tf4xzEV3I1y0z6MFYy+X/Is5B+UlxvnDtcdCKI7JHLfxGjed6kb8QvOEjHRkOM6EAKdJ5pux9k8VAtBprST+QtwIWhHL2QrSBcVvNxGlee9N5BlRnYHXuykDBCJBGiI1XplKtr6UFQ7XSL/ybuHI2dJB0Xo+thn7UoWJDYXaejdUsMl+bGUJD6Xxarj3BVZHrKh8yj6F0AE0d0tajqPafWRK6d665YZWroju1NtgKy0OgTfYsfrYrZ/lSoxxTT5o2wz8Cr+tOJVe8DrZybbQ+fp15gXBJCUIKAgXHB+UQrTM194kej3WvcCY9FzVE2cshR39y94HqA3G2Vt8FTnbiirEgntdjEetTs0r8p/QCSNHZeAIBSGZJ4rzECes6pAKPTjUhHMuExLko1ugcCIAZ95lLP+NSszHmk5I6PkZqX4gbHND1BeP2W8tUEYs6mTs24gm8KMcPKtjKUgFiwuXIg0DWeYxCHuJKbm45DSaPCmtJHZWpvSSgqdW838T5bDuUCAwEAAQ==-----END PUBLIC KEY-----).E0117 10:13:48.283319723 36 auth_jwt_validator.cc:491] Failed to extract public key from X509 key (4e4740f70f15da17aed58781f664516936b50676)2018/01/17 10:13:48 [alert] 36#36: ignoring stale global SSL error (SSL: error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE:Expecting: CERTIFICATE)2018/01/17 10:13:48[warn]36#36: Received non-matching report response service config ID: '', requested: '2018-01-17r4'

wei...@joyfun.com

unread,
Jan 17, 2018, 5:29:52 AM1/17/18
to Google Cloud Endpoints


Maybe a screenshot is more readable

Lizan Zhou

unread,
Jan 17, 2018, 2:36:00 PM1/17/18
to wei...@joyfun.com, Google Cloud Endpoints
Looks like your public key server is returning in RSA public key, not a X509 certificate. You need a X509 certificate or JWK public key.

On Wed, Jan 17, 2018 at 2:29 AM, <wei...@joyfun.com> wrote:


Maybe a screenshot is more readable

--
You received this message because you are subscribed to the Google Groups "Google Cloud Endpoints" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-endpoints+unsub...@googlegroups.com.
 To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/aa522c99-85bb-494e-a5a8-b0a323027c06%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

wei...@joyfun.com

unread,
Jan 17, 2018, 9:34:34 PM1/17/18
to Google Cloud Endpoints
Yeah. Thanks. finally got it work.
Reply all
Reply to author
Forward
0 new messages