<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:37:03 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[GODRIVER-1753] Mongo go driver - giving key mismatch error while connecting with ssl enabled and encrypted key</title>
                <link>https://jira.mongodb.org/browse/GODRIVER-1753</link>
                <project id="14289" key="GODRIVER">Go Driver</project>
                    <description>&lt;p&gt;I&apos;m getting following error while trying to connect to mongodb server from golang application kubernetes pod.&lt;br/&gt;
tls: private key does not match public key&lt;/p&gt;

&lt;p&gt;I&apos;m using mongo-go-driver version 1.4.1&lt;/p&gt;

&lt;p&gt;Key is RSA encrypted. -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: ..&lt;/p&gt;

&lt;p&gt;PFB application code to connect&lt;/p&gt;

&lt;pre&gt;
m.context, _ = context.WithTimeout(context.Background(), 30*time.Second)

certFilePath := &amp;lt;path&amp;gt;
keyPassword := &amp;lt;password&amp;gt;

uri := &quot;mongodb://user:password@&amp;lt;mongoserver&amp;gt;:27017/?authSource=&amp;lt;dbname&amp;gt;&amp;amp;authMechanism=scram-sha-1&amp;amp;connect=direct&amp;amp;ssl=true&amp;amp;sslClientCertificateKeyFile=%s&amp;amp;sslClientCertificateKeyPassword=%s&amp;amp;sslInsecure=true&amp;amp;sslAllowInvalidCertificates=true&quot;
uri = fmt.Sprintf(uri, certFilePath, keyPassword)

log.Println(&quot;ConnectDB: creating mongo client new&quot;)
clientOptions := []*options.ClientOptions{
    options.Client().ApplyURI(uri), //.SetAuth(credential),
}

log.Println(&quot;ConnectDB: connecting client&quot;)
m.client, err = mongo.Connect(m.context, clientOptions...)
if nil != err {
    panic(err)
}
&lt;/pre&gt;

&lt;p&gt;Same key and certs are working fine when connecting using Robo 3T or Studio 3T&lt;/p&gt;

&lt;p&gt;Please help me in resolving key mismatch error.&#160;&lt;/p&gt;</description>
                <environment></environment>
        <key id="1478657">GODRIVER-1753</key>
            <summary>Mongo go driver - giving key mismatch error while connecting with ssl enabled and encrypted key</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13202">Works as Designed</resolution>
                                        <assignee username="divjot.arora@mongodb.com">Divjot Arora</assignee>
                                    <reporter username="prakhar.deep12@gmail.com">prakhar deep</reporter>
                        <labels>
                    </labels>
                <created>Thu, 17 Sep 2020 18:59:33 +0000</created>
                <updated>Fri, 27 Oct 2023 13:16:26 +0000</updated>
                            <resolved>Mon, 16 Nov 2020 22:07:45 +0000</resolved>
                                                                                        <votes>0</votes>
                                    <watches>1</watches>
                                                                                                                <comments>
                            <comment id="3492762" author="divjot.arora" created="Mon, 16 Nov 2020 22:07:45 +0000"  >&lt;p&gt;Given that the linked PR would be a breaking behavioral change for the driver and there is a workaround for this issue, we&apos;ve elected to close this ticket for now.&lt;/p&gt;</comment>
                            <comment id="3468010" author="divjot.arora" created="Thu, 29 Oct 2020 14:44:33 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=prakhar.deep12%40gmail.com&quot; class=&quot;user-hover&quot; rel=&quot;prakhar.deep12@gmail.com&quot;&gt;prakhar.deep12@gmail.com&lt;/a&gt;,&lt;/p&gt;

&lt;p&gt;Apologies for the delay in reviewing the PR. After looking more into the tls.X509KeyPair function, I don&apos;t think the proposed solution is correct. I wrote up some test cases at &lt;a href=&quot;https://github.com/divjotarora/godriver1753&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;this repository&lt;/a&gt;. When specifying a file that has multiple certificates, it seems that the tls.X509KeyPair function only uses the first rather than testing all of them. I also verified this with the function&apos;s &lt;a href=&quot;https://github.com/golang/go/blob/c45d78013f92a29285cd81488eb7a16819f01e18/src/crypto/tls/tls.go#L276&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;source code&lt;/a&gt;. The function first iterates through all blocks in the &lt;tt&gt;certPEMBlock&lt;/tt&gt; parameter and stores all blocks of type &quot;CERTIFICATE&quot;. However, the &lt;a href=&quot;https://github.com/golang/go/blob/c45d78013f92a29285cd81488eb7a16819f01e18/src/crypto/tls/tls.go#L325&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;x509.ParseCertificate&lt;/a&gt; call only uses &lt;tt&gt;cert.Certificate[0]&lt;/tt&gt;, which indicates that all certificate blocks after the first are thrown away.&lt;/p&gt;

&lt;p&gt;Given this, we can&apos;t accept the proposed change as it would be a backwards-breaking behavioral change for the driver. You should be able to work around this by using a certificate file that only has one certificate, which is the generally accepted use case, or by ensuring that the correct certificate is at the end of the file. Would these be sufficient workarounds for you?&lt;/p&gt;

&lt;p&gt;&amp;#8211; Divjot&lt;/p&gt;</comment>
                            <comment id="3465002" author="divjot.arora" created="Tue, 27 Oct 2020 16:53:59 +0000"  >&lt;p&gt;community PR:&#160;&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/pull/521&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/pull/521&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3452889" author="JIRAUSER1256961" created="Mon, 19 Oct 2020 20:45:36 +0000"  >&lt;p&gt;Hi Divjot,&lt;/p&gt;

&lt;p&gt;I looked into client options code ( &lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/blob/master/mongo/options/clientoptions.go&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/blob/master/mongo/options/clientoptions.go&lt;/a&gt;&#160;&#160;) and found out in the method&#160;&lt;b&gt;addClientCertFromBytes,&lt;/b&gt;&#160;only last certificate is getting propagated if multiple certs are present. ( &lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/blob/935fe3f869a9d46940f402873c97c19d19a8d41d/mongo/options/clientoptions.go#L884&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/blob/935fe3f869a9d46940f402873c97c19d19a8d41d/mongo/options/clientoptions.go#L884&lt;/a&gt;&#160;)&lt;/p&gt;

&lt;p&gt;This is causing the key mismatch issue in tls config. When multiple certificates are present, code loops through and retains/propagates only the last one, which later causes key mismatch error.&lt;/p&gt;

&lt;p&gt;I have added code to keep appending certs to certblock to take care of the above scenario. Post that I&apos;m now able to successfully connect to db from application code. (&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/pull/521&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/pull/521&lt;/a&gt;&#160;Added this PR - please let me know if changes are ok)&lt;/p&gt;

&lt;p&gt;&#160;&lt;br/&gt;
Regards&lt;br/&gt;
Prakhar Deep&lt;/p&gt;</comment>
                            <comment id="3452871" author="divjot.arora" created="Mon, 19 Oct 2020 20:38:02 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=prakhar.deep12%40gmail.com&quot; class=&quot;user-hover&quot; rel=&quot;prakhar.deep12@gmail.com&quot;&gt;prakhar.deep12@gmail.com&lt;/a&gt;,&lt;/p&gt;

&lt;p&gt;Thank you for opening the PR at&#160;&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/pull/521&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/pull/521&lt;/a&gt;. I&apos;ll take a look at the PR this week and leave a review. If this is actually a bug, we&apos;ll try to get it merged for the 1.4.3 release.&lt;/p&gt;

&lt;p&gt;&amp;#8211; Divjot&lt;/p&gt;</comment>
                            <comment id="3444787" author="JIRAUSER1256961" created="Wed, 14 Oct 2020 18:45:12 +0000"  >&lt;p&gt;Hi Divjot,&lt;/p&gt;

&lt;p&gt;Sorry for delay. I have tried the code you provided in the link in last comment. I didn&apos;t get any error while using it and log printed success after creating TLS pair.&lt;/p&gt;</comment>
                            <comment id="3418613" author="divjot.arora" created="Wed, 30 Sep 2020 14:52:05 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=prakhar.deep12%40gmail.com&quot; class=&quot;user-hover&quot; rel=&quot;prakhar.deep12@gmail.com&quot;&gt;prakhar.deep12@gmail.com&lt;/a&gt;,&lt;/p&gt;

&lt;p&gt;Thanks for trying that out. At this point, I think the next step is to reproduce this without involving the driver. I&apos;ve written up a gist with some code to load a certificate and an encrypted private key and use them to create a TLS key pair at &lt;a href=&quot;https://gist.github.com/divjotarora/09d783ba857bbeebfca16d140d8e6505&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://gist.github.com/divjotarora/09d783ba857bbeebfca16d140d8e6505&lt;/a&gt;. I&apos;ve verified that this works with my cert and key. The x509.DecryptPEMBlock call fails if I provide the wrong password and the tls.X509KeyPair call fails if I provide a different key that doesn&apos;t match the certificate, as expected. Can you try this script against your cert/key pair? Hopefully it will help us figure out why we haven&apos;t been able to reproduce this issue.&lt;/p&gt;

&lt;p&gt;&amp;#8211; Divjot&lt;/p&gt;</comment>
                            <comment id="3416465" author="JIRAUSER1256961" created="Tue, 29 Sep 2020 15:50:23 +0000"  >&lt;p&gt;Hi,&lt;/p&gt;

&lt;p&gt;I tried the above mentioned URI but still getting key mismatch error. PFB version of go-driver &amp;amp; golang&lt;/p&gt;

&lt;p&gt;Mongo-go-driver version:&#160;&#160;v1.4.1&lt;/p&gt;

&lt;p&gt;Go lang version: 1.12&lt;/p&gt;

&lt;p&gt;OS:&#160;Red Hat Enterprise Linux 7.4&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;</comment>
                            <comment id="3408734" author="divjot.arora" created="Wed, 23 Sep 2020 23:44:10 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=prakhar.deep12%40gmail.com&quot; class=&quot;user-hover&quot; rel=&quot;prakhar.deep12@gmail.com&quot;&gt;prakhar.deep12@gmail.com&lt;/a&gt;&#160;I haven&apos;t found anything useful yet, but I think we can get rid of some variables by shortening the URI. I think this URI would be the minimal required one to reproduce the issue:&lt;/p&gt;
&lt;pre&gt;mongodb://localhost:27017/?tlsCertificateKeyFile=combined.pem&amp;amp;tlsCertificateKeyFilePassword=passphrase&lt;/pre&gt;
&lt;p&gt;where &quot;combined.pem&quot; would be the path to the file that contains both the certificate and key concatenated and &quot;passphrase&quot; would be the password required for decryption. I tried this with the example certificate at&#160;&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/blob/ce6e7c713cd1b1f44e544b062d0cc0bb7c8a1954/mongo/options/testdata/certificate.pem&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/blob/ce6e7c713cd1b1f44e544b062d0cc0bb7c8a1954/mongo/options/testdata/certificate.pem&lt;/a&gt;. It passed as-is and failed if I changed the password to an incorrect one, as expected.&lt;/p&gt;

&lt;p&gt;Can you try using this URI to see if that still shows this error? Also, can you provide the driver version, Go language version, and operating system you&apos;re using?&lt;/p&gt;

&lt;p&gt;&amp;#8211; Divjot&lt;/p&gt;</comment>
                            <comment id="3408145" author="divjot.arora" created="Wed, 23 Sep 2020 18:49:07 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=prakhar.deep12%40gmail.com&quot; class=&quot;user-hover&quot; rel=&quot;prakhar.deep12@gmail.com&quot;&gt;prakhar.deep12@gmail.com&lt;/a&gt;&#160;I tried using the individual cert/key options with this URI:&lt;/p&gt;
&lt;pre&gt;mongodb://localhost:27017/?&amp;amp;tls=true&amp;amp;tlsCertificateFile=cert.pem&amp;amp;tlsPrivateKeyFile=key.pem&amp;amp;sslClientCertificateKeyPassword=passphrase&lt;/pre&gt;
&lt;p&gt;and did not get any errors from the &lt;tt&gt;mongo.NewClient&lt;/tt&gt; function. In your previous comment, you mentioned that you used the &quot;tlsCertificateFile&quot; and &quot;tlsPrivateKey&quot; options. I believe you need to use &quot;tlsPrivateKeyFile&quot; instead of &quot;tlsPrivateKey&quot; as documented in bullet (2) of&#160;&lt;a href=&quot;https://godoc.org/go.mongodb.org/mongo-driver/mongo/options#ClientOptions.SetTLSConfig&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://godoc.org/go.mongodb.org/mongo-driver/mongo/options#ClientOptions.SetTLSConfig&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Note that I don&apos;t think using the separate cert/key options will help as the code to read the cert/key and decrypt the key using the password is shared in both code paths. I also verified that we have at least one test case for an encrypted private key that requires a passphrase, so it&apos;s very strange to me that you&apos;re seeing this error. I will continue to investigate.&lt;/p&gt;</comment>
                            <comment id="3408118" author="divjot.arora" created="Wed, 23 Sep 2020 18:39:20 +0000"  >&lt;p&gt;I&apos;m not sure of the underlying problem yet, but using &quot;sslCertificateFile&quot; and &quot;sslPrivateKeyFile&quot; is not correct. We don&apos;t check for those URI options, so I believe what&apos;s happening there is that the parsing succeeds because those options are actually ignored. At that point, TLS is not properly configured, so all connections to the server fail. That would cause the &quot;server selection error&quot; on the first operation because we&apos;re not able to discover the servers.&lt;/p&gt;

&lt;p&gt;I will investigate why you&apos;re seeing parsing errors when using &quot;tlsCertificateFile&quot; and &quot;tlsPrivateKey&quot;. I believe we have test cases for those combinations, so it&apos;s strange that you&apos;re seeing that error.&lt;/p&gt;</comment>
                            <comment id="3408099" author="JIRAUSER1256961" created="Wed, 23 Sep 2020 18:35:03 +0000"  >&lt;p&gt;I tried giving &quot;tlsCertificateFile&quot; and &quot;tlsPrivateKey&quot; in URI but it returned following error:&lt;/p&gt;

&lt;p&gt;&quot;the tlsPrivateKeyFile URI option must be provided if the tlsCertificateFile option is specified&quot;&#160; even though both options were provided.&#160;&lt;/p&gt;

&lt;p&gt;After going through code&#160;&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/blob/master/x/mongo/driver/connstring/connstring.go&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/blob/master/x/mongo/driver/connstring/connstring.go&lt;/a&gt;&#160; looks like above error is occurring due to incorrect parsing.&#160; Same is the reason why earlier error was happening even though both private &amp;amp; public keys were matching.&lt;/p&gt;

&lt;p&gt;Finally, used &quot;sslCertificateFile&quot; and &quot;sslPrivateKeyFile&quot; option in URI and it worked. ( Both of these option variable are not mentioned in docs&#160;&lt;a href=&quot;https://godoc.org/go.mongodb.org/mongo-driver/mongo/options#ClientOptions&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://godoc.org/go.mongodb.org/mongo-driver/mongo/options#ClientOptions&lt;/a&gt;&#160;). Also, I tried &quot;sslClientCertificateKeyFile&quot; earlier but was getting same key mismatch error.&lt;/p&gt;

&lt;p&gt;Now, I&apos;m able to connect to client(mongo.Connect) but when trying to ping database receiving following error:&lt;/p&gt;

&lt;p&gt;&quot;server selection error -&#160;incomplete read of message header: EOF &quot;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;</comment>
                            <comment id="3407855" author="JIRAUSER1256961" created="Wed, 23 Sep 2020 17:37:16 +0000"  >&lt;p&gt;Hi Divjot,&lt;/p&gt;

&lt;p&gt;I separated the key &amp;amp; cert to two different files and ran the above mentioned openssl commands. Output for both key and cert matched.&#160;&lt;/p&gt;

&lt;p&gt;(Also, just to add key.pem is encrypted and need a passphrase. )&lt;/p&gt;

&lt;p&gt;Regards&lt;/p&gt;</comment>
                            <comment id="3405446" author="divjot.arora" created="Tue, 22 Sep 2020 15:49:06 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=prakhar.deep12%40gmail.com&quot; class=&quot;user-hover&quot; rel=&quot;prakhar.deep12@gmail.com&quot;&gt;prakhar.deep12@gmail.com&lt;/a&gt;,&lt;/p&gt;

&lt;p&gt;Thanks for the information. I believe the error is coming from&#160;&lt;a href=&quot;https://github.com/golang/go/blob/d42b32e321fa5c5d2c93b2ad22d48e804c9f45d2/src/crypto/tls/tls.go#L342&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/golang/go/blob/d42b32e321fa5c5d2c93b2ad22d48e804c9f45d2/src/crypto/tls/tls.go#L342&lt;/a&gt;. The driver uses Go&apos;s tls.X509KeyPair function to create a tls.Certificate instance, which is then used to populate a tls.Config. That function is returning an error when comparing the public and private keys.&lt;/p&gt;

&lt;p&gt;The first step for debugging this is to make sure that the public and private keys match. Both of these parts are currently in the file specified by &lt;tt&gt;certFilePath&lt;/tt&gt;. Can you move them into separate files like &lt;tt&gt;key.pem&lt;/tt&gt; and &lt;tt&gt;cert.pem&lt;/tt&gt;? After that, we can use the commands from&#160;&lt;a href=&quot;https://support.comodo.com/index.php?/Knowledgebase/Article/View/684/17/how-do-i-verify-that-a-private-key-matches-a-certificate-openssl&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://support.comodo.com/index.php?/Knowledgebase/Article/View/684/17/how-do-i-verify-that-a-private-key-matches-a-certificate-openssl&lt;/a&gt;&#160;to verify them. You can run&#160;&lt;/p&gt;
&lt;pre&gt;openssl rsa -modulus -noout -in key.pem | openssl md5&lt;/pre&gt;
&lt;p&gt;and&lt;/p&gt;
&lt;pre&gt;openssl x509 -modulus -noout -in cert.pem | openssl md5&lt;/pre&gt;
&lt;p&gt;If you&apos;d prefer to verify this in a different way,&#160;&lt;a href=&quot;https://stackoverflow.com/questions/274560/how-do-you-test-a-public-private-dsa-keypair&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://stackoverflow.com/questions/274560/how-do-you-test-a-public-private-dsa-keypair&lt;/a&gt;&#160;also has some suggestions. Once you&apos;ve done this verification, we can move forward with debugging this issue.&lt;/p&gt;

&lt;p&gt;&amp;#8211; Divjot&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
    </item>
</channel>
</rss>