Re: unable to load private key
On Fri, Apr 16, 2010, digitalderik wrote: > > Hi there > I've copied and pasted an rsa private key that i need to use with openssl. > However when i run any commands that use the private key like the command: > $openssl rsautl -sign -in textfile -inkey privatekey.pem -out result.txt > i get: unable to load private key > I've checked the line length of the private key and it is 64 characters.Does > this mean that it's not a problem with the base64 encoding(The key is in PEM > format: ASN.1 + DER + base64). > I'm at my wits end and can't find anything that helps on google. > Any help would be great.Thankyou for your time > regards What is the full error message? What do you get with: openssl rsa -in key.pem Does the file look like this: -BEGIN RSA PRIVATE KEY- -END RSA PRIVATE KEY- Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
unable to load private key
Hi there I've copied and pasted an rsa private key that i need to use with openssl. However when i run any commands that use the private key like the command: $openssl rsautl -sign -in textfile -inkey privatekey.pem -out result.txt i get: unable to load private key I've checked the line length of the private key and it is 64 characters.Does this mean that it's not a problem with the base64 encoding(The key is in PEM format: ASN.1 + DER + base64). I'm at my wits end and can't find anything that helps on google. Any help would be great.Thankyou for your time regards -- View this message in context: http://old.nabble.com/unable-to-load-private-key-tp28268474p28268474.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: unable to load Private Key: mobilefish self-CA instructions
> From: owner-openssl-us...@openssl.org On Behalf Of Llenlleawg > Sent: Saturday, 12 December, 2009 15:17 > Here is a brief outline of what I'm trying to do. I'm trying > to create a > certificate signed by my own CA and private key. > > I followed the steps on the following site to setup my own CA. > > http://www.mobilefish.com/developer/openssl/openssl_quickguide > _create_ca.html > > and then followed the steps on this page to try to create the > certificate. > > http://www.mobilefish.com/developer/openssl/openssl_quickguide > _ca_certificate.html > > My problem is when I get to step 7 on the second page. I receive the > following error when I run the command in step 7. > > C:\OpenSSL\bin>openssl rsa < newreq.pem > newkey.pem > unable to load Private Key > 6068:error:0906D06C:PEM routines:PEM_read_bio:no start > line:.\crypto\pem\pem_lib.c:650:Expecting: ANY PRIVATE KEY > They appear to have been confused/misled and not tested. Some older versions of 'CA.pl newreq' (and newreq-nodes), in particular 0.9.7d which they identify and I happen to have to hand on an old system, incorrectly says at the end: Request (and private key) is in newreq.pem but in fact the request is in newreq.pem and the privkey is in newkey.pem. As they should be, because a CSR does not, and in general for security MUST not, contain the privkey. If you just skip their step 7 it looks like it should work. Aside: their description at the top of the page isn't quite correct. Assuming kRSA, as they apparently do, the browser (client) doesn't choose and send the actual sessionkey, rather the premaster secret which is used to derive the sessionkeys (there are actually two, encryption and MAC). __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
unable to load Private Key
Hi All, I'm hoping someone can help me, I'm a complete newb when it comes to this stuff so I hope someone can point me in the right direction. Here is a brief outline of what I'm trying to do. I'm trying to create a certificate signed by my own CA and private key. I followed the steps on the following site to setup my own CA. http://www.mobilefish.com/developer/openssl/openssl_quickguide_create_ca.html and then followed the steps on this page to try to create the certificate. http://www.mobilefish.com/developer/openssl/openssl_quickguide_ca_certificate.html My problem is when I get to step 7 on the second page. I receive the following error when I run the command in step 7. C:\OpenSSL\bin>openssl rsa < newreq.pem > newkey.pem unable to load Private Key 6068:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:650:Expecting: ANY PRIVATE KEY >From what I can tell, I have followed the steps exactly as listed and have even started from scratch several times all to the same result. Any help would be appreciated. -- View this message in context: http://old.nabble.com/unable-to-load-Private-Key-tp26760802p26760802.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: unable to load Private Key
As the error message says, you are getting this because the private key file (privkey.pem) does not exist (No such file). If you want to use this form of the command you must first generate the private key file. If you want to do it all at once then a slightly different form of the command is required (I will assume you want an RSA key - changes are required for DSA or ECC): openssl req -newkey rsa:2048 -keyout privkey.pem -out cacert.pem -x509 -new -days 1095 This will result in something that looks like this: Generating a 2048 bit RSA private key +++ ..+++ writing new private key to 'privkey.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: - You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. - Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []: Email Address []: Regards Bill -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniela Gutierrez Sent: June 12, 2008 6:13 PM To: openssl-users@openssl.org Subject: unable to load Private Key Hi there, I'm trying to create a self-signed certificate but I'm having some troubles, the error I keep getting is: mymachine# openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 Error opening Private Key privkey.pem 19996:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('privkey.pem','r') 19996:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354: unable to load Private Key I'm kinda new with this certificates and openssl thing but I've never had this error before, I hope someone could help me Thanks (sorry for my poor english) -- Daniela __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
unable to load Private Key
Hi there, I'm trying to create a self-signed certificate but I'm having some troubles, the error I keep getting is: mymachine# openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 Error opening Private Key privkey.pem 19996:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('privkey.pem','r') 19996:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354: unable to load Private Key I'm kinda new with this certificates and openssl thing but I've never had this error before, I hope someone could help me Thanks (sorry for my poor english) -- Daniela __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Unable to load private key error
Hello, perhaps you can advise me on this? I ran openssl req -new -out certreq.arm -keyout QMNGRXXX.pem -config /usr/xxx/xxx/ssl/openssl.cnf I then typed and retyped the pass phrase. And recorded it for future use. This created a QMNGRXXX.pem and a certreq.arm I sent the certreq.arm to the CA and received a site certificate back. I then concatenated the site certificate,QMNGR private key and the CA certificate in just that order to create a cert.pem I then attempted to create the pass phrase stash file by running: openssl pkcs12 -export -in cert.pem -out cert.p12 -passin pass:xx -passout pass:xx However I receive the error "unable to load private key" both the cert.p12 and stash.sth are created. However cert.p12 is empty. Question: Is this a bug or random error, and can I ignore it? Question: Is it possible the pass phrase I created while creating the certreq.arm is corrupted or incorrect? Question: Could I recreate the Private key then re-concatenate the existing site certificate with the private key and CA certificate thus creating a new pass phrase? Or would I need to resubmit the new cert.arm to the CA? Thanks Barry This email may contain privileged and/or confidential information that is intended solely for the use of the addressee. If you are not the intended recipient or entity, you are strictly prohibited from disclosing, copying, distributing or using any of the information contained in the transmission. If you received this communication in error, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. This communication may contain nonpublic personal information about consumers subject to the restrictions of the Gramm-Leach-Bliley Act and the Sarbanes-Oxley Act. You may not directly or indirectly reuse or disclose such information for any purpose other than to provide the services for which you are receiving the information. There are risks associated with the use of electronic transmission. The sender of this information does not control the method of transmittal or service providers and assumes no duty or obligation for the security, receipt, or third party interception of this transmission.
A problem with the installation (Unable to load private key)
umask 77 ; \ /usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -out /etc/httpd/conf/ssl.csr/server.csr unable to load Private Key 14854:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: ANY PRIVATE KEY make: *** [/etc/httpd/conf/ssl.csr/server.csr] Error 1 ^^ This happens when i'm giving the command: "make certreq" in the directory: /usr/share/ssl/certs using Redhat 9 Shrike as operating system, I have generated a key which is located at /etc/httpd/conf/ssl.key/server.key. Can any1 help me with this problem, I never worked with OpenSSL before. Thanks in advance, Nabi1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Unable to load private key
On Tue, Jun 29, 2004, Pierre Sengès wrote: > Hello > > I'm newbie to openSSL. I'm trying to create a pkcs12 file with Win32 OpenSSL 0.97d. > I've generated a CSR with keytool. I got my cert file generated by a CA and a > private key file (generated by keytool). > The following command : > > OpenSSL> pkcs12 -export -inkey domain.key -in domain.crt -out domain.pkcs12 > > make the following error : > > Loading 'screen' into random state - done > unable to load private key > error in pkcs12 > > Most posts i've read about this error talk about 0.96 bug. But i'm in 0.97 ... > I've not found in openssl.cnf definition of private key location ... but i think it > must be in same directory that crt file ? ( {openssl-install-dir}/bin exactly ...) > > Can it come from a bad private key format ? > Yes its probably that the file domain.key isn't in the expected (PEM) format. If that is the case you should convert it first. I believe keytool may use PKCS#8 format in binary (DER) format in which case: openssl pkcs8 -inform DER -nocrypto -in domain.key -out key.pem should work. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Unable to load private key
> Hello > > I'm newbie to openSSL. I'm trying to create a pkcs12 file with Win32 > OpenSSL 0.97d. > I've generated a CSR with keytool. I got my cert file generated by a CA > and a private key file (generated by keytool). > The following command : > > OpenSSL> pkcs12 -export -inkey domain.key -in domain.crt -out > domain.pkcs12 > > make the following error : > > Loading 'screen' into random state - done > unable to load private key > error in pkcs12 > > Most posts i've read about this error talk about 0.96 bug. But i'm in 0.97 > ... > I've not found in openssl.cnf definition of private key location ... but i > think it must be in same directory that crt file ? ( > {openssl-install-dir}/bin exactly ...) Hello, The private key is not in the same directory, here's my default openssl.cnf: certificate = $dir/certs/CA.pem # The CA certificate serial = $dir/serial # The current serial number crl = $dir/crl.pem # The current CRL private_key = $dir/private/CAKey.pem# The private key RANDFILE= $dir/private/.rand# private random number file Fred. > > Can it come from a bad private key format ? > > Thanks for your help ... > > Pierre > __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Unable to load private key
Hello I'm newbie to openSSL. I'm trying to create a pkcs12 file with Win32 OpenSSL 0.97d. I've generated a CSR with keytool. I got my cert file generated by a CA and a private key file (generated by keytool). The following command : OpenSSL> pkcs12 -export -inkey domain.key -in domain.crt -out domain.pkcs12 make the following error : Loading 'screen' into random state - doneunable to load private keyerror in pkcs12 Most posts i've read about this error talk about 0.96 bug. But i'm in 0.97 ... I've not found in openssl.cnf definition of private key location ... but i think it must be in same directory that crt file ? ( {openssl-install-dir}/bin exactly ...) Can it come from a bad private key format ? Thanks for your help ... Pierre