Error in SSL Deployment, Requesting Expert Assistance for Troubleshooting

This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: SSL部署出错,请求大佬帮忙排查

| username: TiDBer_eEiwvfN0

[TiDB Usage Environment] Local, downloaded the latest version of tikv/pd source code and client-go repository

[TiDB Version]

[Reproduction Path] Operations performed that led to the issue
According to the official documentation, generated root.crt, root.key, and pd.crt/pd.key, tikv.crt/tikv.key, client.crt/client.key
./bin/pd-server --data-dir=pd --cacert=root.crt --cert=pd.crt --key=pd.key
PD starts normally, but errors occur when starting TiKV and client-go
target/aarch64-apple-darwin/debug/tikv-server --pd-endpoints=“” --config=tikv.toml

Configuration in tikv.toml

The path for TLS certificates. Empty string means disabling secure connections.

ca-path = “${path}/root.crt”
cert-path = “${path}/tikv.crt”
key-path = “${path}/tikv.key”

[Encountered Issue: Phenomenon and Impact]
TiKV startup error
connect failed: {"created":"@1714027010.971859000","description":"Handshake read failed\

[Resource Configuration] Enter TiDB Dashboard - Cluster Info - Hosts and take a screenshot of this page
[Attachment: Screenshot/Logs/Monitoring]

| username: TiDBer_eEiwvfN0 | Original post link

After starting PD, I saw [2024/04/25 14:49:22.034 +08:00] [INFO] [etcd.go:765] [“starting with client TLS”] [tls-info=“cert = pd.crt, key = pd.key, trusted-ca = root.crt, client-cert-auth = true, crl-file = “] [cipher-suites=””]