
Dameng database - GM (national cryptography) encryption fails

金强 2025/12/28

To get a faster response, please provide the following information when asking; clearly described problems are handled first.
[DM version]: DM Database Server 64 V8{DB Version: 0x7000d}{03134284368-20250430-272000-20149}{Msg Version: 43}{Gsu level(5) cnt: 0}
[Operating system]: CentOS 7.9
[CPU]: X86
[Problem description]*: Dameng database - GM (national cryptography) encryption fails

Following the official reference: https://eco.dameng.com/community/training/0009e53bb9afe394bb4eda07084232d7

1. Environment:

The host operating system is CentOS 7.9.

Database installation: containerized deployment, version: DM Database Server 64 V8{DB Version: 0x7000d}{03134284368-20250430-272000-20149}{Msg Version: 43}{Gsu level(5) cnt: 0}

Installed CMake 3.18.6 and GmSSL 3.1.1.

GmSSL path: /opt/GmSSL-3.1.1/build

Database path (inside the container): /dm8/data/DAMENG

1.1 Host - operating system version

# 1) Check the CentOS version
[root@localhost conf]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)

# 2) Check the kernel version
[root@localhost conf]# uname -r
3.10.0-1160.119.1.el7.x86_64

# 3) CMake version
[root@localhost conf]# cmake -version
cmake version 3.18.6

CMake suite maintained and supported by Kitware (kitware.com/cmake).

# 4) GmSSL version (already installed)
[root@localhost conf]# gmssl version
GmSSL 3.1.1
[root@localhost conf]# 

1.2 Container - startup script

#!/bin/bash
# Set environment variables (DM binaries and the GmSSL shared libraries)
export PATH=/dm8/bin:$PATH
export LD_LIBRARY_PATH=/dm8/bin:/opt/GmSSL-3.1.1/build/bin:$LD_LIBRARY_PATH

# Check whether the database has already been initialized
if [ ! -f "/dm8/data/DAMENG/dm.ini" ]; then
    echo "初始化达梦数据库..."
    su - dmdba -c "/dm8/bin/dminit path=/dm8/data page_size=16 case_sensitive=n charset=1"
fi

# Start the database service (passwords for the signing and encryption keys are passed on the command line)
echo "启动达梦数据库..."
exec su - dmdba -c "/dm8/bin/dmserver /dm8/data/DAMENG/dm.ini signkey_pass=dm1234 enckey_pass=dm1234"

1.3 Install GmSSL 3.1.1


4. Certificate generation

4.1 Generate the server certificates

Create a server_gmssl folder under /opt/GmSSL-3.1.1/build/bin, and inside server_gmssl create the gen_server.sh script that generates the server-side certificates.

[root@localhost gmssl]# gmssl version
GmSSL 3.1.1
[root@localhost gmssl]# mkdir build
[root@localhost gmssl]# cd build/
[root@localhost build]# ls
[root@localhost build]# mkdir bin
[root@localhost build]# cd bin
[root@localhost bin]# ls
[root@localhost bin]# mkdir server_gmssl
[root@localhost bin]# cd server_gmssl
[root@localhost server_gmssl]# ls
[root@localhost server_gmssl]# 
[root@localhost server_gmssl]# 
[root@localhost server_gmssl]# vim gen_server.sh
[root@localhost server_gmssl]# chmod +x gen_server.sh 
[root@localhost server_gmssl]# sh gen_server.sh 
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEOWoGgxw8OUa7juEyEzXyBkamNnbi
5qvX7G9LAP3tJWLyjgddXL1UCkHR6QcrsdlcU8C1TZWURVdxwjwn9D7PGA==
-----END PUBLIC KEY-----
Certificate
    tbsCertificate
        version: v3 (2)
        serialNumber: 08CD1ED6469158CE190FCEAE
        signature
            algorithm: sm2sign-with-sm3

... (abbreviated because of the post's character limit)
-----END CERTIFICATE-----
/app/dm8_docker/conf/cert/gmssl/GmSSL-3.1.1/src/pem.c:88:pem_read():
[root@localhost server_gmssl]# ls
cacert.pem  careq.pem         enccert.pem  encreq.pem     rootcacert.pem  signcert.pem  signreq.pem
cakey.pem   double_certs.pem  enckey.pem   gen_server.sh  rootcakey.pem   signkey.pem
[root@localhost server_gmssl]# cd ..
[root@localhost bin]# ls
server_gmssl

4.2 Generate the client certificates

Create a client_gmssl folder, copy the cacert.pem, cakey.pem and rootcacert.pem generated above into the client_gmssl/SYSDBA directory, and use the following gen_client.sh script to generate the client-side certificates.

[root@localhost bin]# mkdir client_gmssl
[root@localhost bin]# cd client_gmssl
[root@localhost client_gmssl]# ls
[root@localhost client_gmssl]# cp ../server_gmssl/cacert.pem ../server_gmssl/cakey.pem ../server_gmssl/rootcacert.pem 
cp: 目标"../server_gmssl/rootcacert.pem" 不是目录
您在 /var/spool/mail/root 中有邮件
[root@localhost client_gmssl]# cp ../server_gmssl/cacert.pem ../server_gmssl/cakey.pem ../server_gmssl/rootcacert.pem ./
[root@localhost client_gmssl]# ls
cacert.pem  cakey.pem  rootcacert.pem
[root@localhost client_gmssl]# mkdir SYSDBA
[root@localhost client_gmssl]# cd SYSDBA/
[root@localhost SYSDBA]# ls
[root@localhost SYSDBA]# cp ../*.pem ./
[root@localhost SYSDBA]# ls
cacert.pem  cakey.pem  rootcacert.pem
[root@localhost SYSDBA]# vim gen_client.sh
[root@localhost SYSDBA]# chmod +x gen_client.sh 
[root@localhost SYSDBA]# sh gen_client.sh 
-----BEGIN PUBLIC KEY-----
... (abbreviated because of the post's character limit)
-----END PUBLIC KEY-----
Certificate
    tbsCertificate
        version: v3 (2)
        ... (abbreviated because of the post's character limit)
-----END CERTIFICATE-----
/app/dm8_docker/conf/cert/gmssl/GmSSL-3.1.1/src/pem.c:88:pem_read():
[root@localhost SYSDBA]# ls
cacert.pem  cakey.pem  clientcert.pem  clientkey.pem  clientreq.pem  gen_client.sh  rootcacert.pem
[root@localhost SYSDBA]# pwd
/usr/local/gmssl/build/bin/client_gmssl/SYSDBA
[root@localhost SYSDBA]# cd ..
[root@localhost client_gmssl]# ls
cacert.pem  cakey.pem  rootcacert.pem  SYSDBA
[root@localhost client_gmssl]# cd ..
[root@localhost bin]# ls
client_gmssl  server_gmssl

Following 5.3, modify the parameter:

[root@localhost conf]# cat dm.ini | grep -i ENABLE_ENCRYPT
		ENABLE_ENCRYPT                  = 3                     #Encrypt Mode For Communication, 0: Without Encryption; 1: SSL Encryption; 2: Only SSL Authentication; 3: GmSSL; 4: Only SSL Encryption
[root@localhost conf]# 

Following 5.4, copy the dynamic libraries and certificates:

# Operations inside the container:

[root@667f7f63212b GmSSL-3.1.1]# cd /opt/GmSSL-3.1.1/build/bin/
[root@667f7f63212b bin]# ls
aeadtest          client_gmssl          demo_sm2_private_key_parse  demo_sm3_kdf                 demo_sm4_ctr                 demo_zuc    hash_drbgtest  libgmssl.so.3.1      libskf_dummy.so.3.1  sha256test  sm9test       x509_oidtest
aestest           cmstest               demo_sm2_public_key         demo_sm4                     demo_sm4_ctr_encrypt_update  digesttest  hextest        libsdf_dummy.so      pbkdf2test           sha384test  tls13test     x509_reqtest
asn1test          demo_sm2_encrypt      demo_sm2_sign               demo_sm4_cbc                 demo_sm4_gcm                 ectest      hkdftest       libsdf_dummy.so.3    pemtest              sha512test  tlstest       x509_strtest
base64test        demo_sm2_keygen       demo_sm2_sign_ctx           demo_sm4_cbc_decrypt_update  demo_sm9_encrypt             gcmtest     hmactest       libsdf_dummy.so.3.1  pkcs8test            sm2test     x509_algtest  x509test
block_ciphertest  demo_sm2_keyparse     demo_sm3                    demo_sm4_cbc_encrypt_update  demo_sm9_keygen              gf128test   libgmssl.so    libskf_dummy.so      server_gmssl         sm3test     x509_crltest  zuctest
chacha20test      demo_sm2_private_key  demo_sm3_hmac               demo_sm4_cbc_padding         demo_sm9_sign                gmssl       libgmssl.so.3  libskf_dummy.so.3    sha224test           sm4test     x509_exttest
[root@667f7f63212b bin]# 


[root@667f7f63212b bin]# cd /home/dmdba/dm/dmdbms/bin
[root@667f7f63212b bin]# ls
client_gmssl  libgmssl.so  libgmssl.so.3  libgmssl.so.3.1  server_gmssl
[root@667f7f63212b bin]# 


[root@667f7f63212b bin]# cd /home/dmdba/dm/dmdbms/
[root@667f7f63212b dmdbms]# ls
bin
[root@667f7f63212b dmdbms]# cd ..
[root@667f7f63212b dm]# ll -h
total 0
drwxr-xr-x 3 1001 1001 17 Dec 27 23:55 dmdbms
[root@667f7f63212b dm]# chown -R dmdba:dinstall /home/dmdba/dm/dmdbms/
[root@667f7f63212b dm]# ll -h
total 0
drwxr-xr-x 3 dmdba dinstall 17 Dec 27 23:55 dmdbms
[root@667f7f63212b dm]# pwd
/home/dmdba/dm
[root@667f7f63212b dm]# 

Following 5.5, start the database service

1. Add the GmSSL environment variables for the dmdba user:

[dmdba@667f7f63212b ~]$ vi .bash_profile 
[dmdba@667f7f63212b ~]$ cat .bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
	. ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/.local/bin:$HOME/bin

export PATH

export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/dm8/bin"
export DM_HOME="/dm8"
export LD_LIBRARY_PATH=/opt/GmSSL-3.1.1/build/bin:$LD_LIBRARY_PATH

2. Start the database in the foreground:

[root@localhost dm8_docker]# cat start_dm.sh 
(contents identical to the startup script shown in 1.2 above)
[root@localhost dm8_docker]# 

Startup log:

启动达梦数据库...
file dm.key not found, use default license!
version info: develop
csek2_vm_t = 1440
nsql_vm_t = 328
prjt2_vm_t = 176
ltid_vm_t = 216
nins2_vm_t = 1136
nset2_vm_t = 272
ndlck_vm_t = 192
ndel2_vm_t = 768
slct2_vm_t = 352
nli2_vm_t = 200
aagr2_vm_t = 304
pscn_vm_t = 376
dist_vm_t = 992
DM Database Server 64 V8 03134284368-20250430-272000-20149 startup...
Normal of FAST
Normal of DEFAULT
Normal of RECYCLE
Normal of KEEP
Normal of ROLL
Database mode = 0, oguid = 0
License will expire on 2026-04-30
SSL encrypt fail!
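Added here as a diagnostic helper, not part of the post or of Dameng's software: a POSIX shell script that checks the preconditions steps 5.3 to 5.5 above rely on (ENABLE_ENCRYPT = 3 in dm.ini, the certificate files produced by gen_server.sh and gen_client.sh being readable, and libgmssl.so.3 being reachable through LD_LIBRARY_PATH) before dmserver is started. The default paths and file names are the ones shown in the post; the check functions and the assumption that the server needs exactly these files are mine, not taken from Dameng's documentation.

```shell
#!/bin/sh
# Assumed diagnostic helper (not from the post or from Dameng).
# Checks the preconditions of steps 5.3-5.5 before dmserver is started.
# Default paths and file names are the ones shown in the post.

# Succeed if dm.ini sets ENABLE_ENCRYPT to the expected value (3 = GmSSL).
check_enable_encrypt() {   # $1 = dm.ini path, $2 = expected value
    val=$(sed -n 's/^[[:space:]]*ENABLE_ENCRYPT[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1)
    [ "$val" = "$2" ]
}

# Succeed if every file named in $2.. exists and is readable in directory $1.
check_files_readable() {
    dir=$1; shift
    rc=0
    for f in "$@"; do
        if [ ! -r "$dir/$f" ]; then
            echo "missing or unreadable: $dir/$f" >&2
            rc=1
        fi
    done
    return $rc
}

# Succeed if a directory on the colon-separated path in $1 holds libgmssl.so.3
# (the soname the post shows copied next to the certificate folders).
check_libgmssl_on_path() {
    old_ifs=$IFS; IFS=:
    for d in $1; do
        if [ -n "$d" ] && [ -e "$d/libgmssl.so.3" ]; then IFS=$old_ifs; return 0; fi
    done
    IFS=$old_ifs
    return 1
}

# Files the post shows gen_server.sh and gen_client.sh producing.
SERVER_CERTS="rootcacert.pem cacert.pem signcert.pem signkey.pem enccert.pem enckey.pem"
CLIENT_CERTS="rootcacert.pem cacert.pem clientcert.pem clientkey.pem"

run_checks() {   # $1 = dm.ini, $2 = directory holding server_gmssl/ and client_gmssl/
    dmini=${1:-/dm8/data/DAMENG/dm.ini}
    bindir=${2:-/home/dmdba/dm/dmdbms/bin}
    status=0
    check_enable_encrypt "$dmini" 3 || { echo "ENABLE_ENCRYPT is not 3 in $dmini" >&2; status=1; }
    check_files_readable "$bindir/server_gmssl" $SERVER_CERTS || status=1
    check_files_readable "$bindir/client_gmssl/SYSDBA" $CLIENT_CERTS || status=1
    check_libgmssl_on_path "${LD_LIBRARY_PATH:-}" || { echo "libgmssl.so.3 not on LD_LIBRARY_PATH" >&2; status=1; }
    return $status
}

# Run as the dmdba user so readability is tested with the server's own identity:
#   DMCHECK_RUN=1 sh dm_gmssl_check.sh /dm8/data/DAMENG/dm.ini /home/dmdba/dm/dmdbms/bin
[ "${DMCHECK_RUN:-0}" = 1 ] && run_checks "$@"
```

Every failing item is reported on stderr and the script exits non-zero, so it can be run from the container start script before dmserver is launched.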
Answers: 0

No answers yet