I'm trying to generate a key to enable https on apache server under linux.
I took the certificat from godaddy that gave me .crt and .pem
I've tried to generate the key from the pem in many way:
openssl pkey -in foo.pem -out foo.key
openssl rsa -in foo.pem -out foo.key
Then I tried by an other way explain in some post I've found under stackoverflow
openssl rsa -in key.pem -out keyout.pem
and I always get this error message:
unable to load Private Key
139675415795008:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY
Someone can explain to me what is my mistake and how to resolve it ?
Thanks a lot
Related
I have 4 certificates with the following extensions
_com-bundle.pem
_com.der
_com.p7b
_com.pem
In my internal tool i need to add the SSL Cert and SSL key.
How can i merge/extract the correct cert and key from the above extensions?
i've tried the bellow command
openssl x509 -inform DER -in *_com.pem -outform PEM -out cert.pem
but i've received and error that the key file is incorrect
I bought a (E-mail ID Business (S/MIME)) certificate from certum, hoping to use to sign pdf files more affordable.
They have send me the files in plain(pem) and in binary(cer).
Here is the file list I downloaded:
Certificate chain Certum Digital Identification CA SHA2.cer
Certificate chain Certum Digital Identification CA SHA2.pem
Certificate chain Certum Trusted Network CA.cer
Certificate chain Certum Trusted Network CA.pem
Certificate.cer
Certificate.pem
I tried to use below command to create p12 file.
"openssl.exe" pkcs12 -export -in D:\xampp_data\MIME\Certificate.cer -inkey D:\xampp_data\MIME\Certificate.cer -out Certificate.p12 -name "MyCert" -password pass:MyCert
When using the command with D:\xampp\php\extras\openssl\openssl.exe, windows 11 console does not gives any error. And there is no output file too.
When using the command with C:\Program Files\OpenSSL-Win64\bin\openssl.exe, windows 11 console gives below error. Win64 OpenSSL v3.0.5 Light
D:\xampp_data\MIME>"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" pkcs12 -export -in D:\xampp_data\MIME\Certificate.cer -out Certificate.p12 -name "MyCert" -password pass:MyCert
Could not read private key from -in file from D:\xampp_data\MIME\Certificate.cer
We are trying to update an SSL certificate in our Azure Web App. Accordingly to the Private Certificate Requirements we need to use triple DES for a private key now. Here's are steps that I'm doing:
Generate private key on my PC using triple DES:
openssl genrsa -des3 -out privatekey.key 2048
Generate csr:
openssl req -new -key privatekey.key -out mycsr.csr
Re-key certificate on Godaddy Portal.
Using new crt-file generate a pfx:
openssl pkcs12 -export -out cert.pfx -inkey privatekey.key -in mycert.crt
Unfortunately, generated certificate is not accepted by Azure portal. I'm getting an error message "The password is incorrect, or the certificate is not valid".
Ubuntu 22.04 uses a yescrypt hashing algorythm. Try to generate the pfx on
I am trying to integrate with a 3rd party API using two way SSL authentication. The documention provided by them is for JAVA and I am using NodeJS. I am new to this and really grasping at straw here. In document it is mentioned to generate a self signed certificate and use private key of that certificate with the public cetificate from them to create a PKCS 12 file and use it to call the API.
Below is the excerpt from the documentation to
Create a self signed certificate
keytool -genkey -keyalg RSA -alias <aliasName>-keystore selfsigned.jks -validity <days> -keysize 2048
Import JKS to key store
KeyDBs could be any format PFX, JKS or P12. Listing the certificates from > the Keystores, Go to bin directory of Java library, It should have a Private-> Cert entry in the List of the certificates.
Keytool -list -v -keystore <Keystore Name>
If the KeyDB is not present create a Keydb using the Private key and Public Certificate provided through openSSL.
Create P12 from key
openssl pkcs12 -export -in mycert.crt -inkey <mykey.key> -out mycert.p12 -name tomcat -CAfile <myCA.crt> -caname root –chain
Create JKS from P12
keytool -v -importkeystore -srckeystore <key.p12> -srcstoretype PKCS12 -destkeystore <key.jks> -deststoretype JKS
To Verify: KeyDBs could be any format PFX, JKS or P12. Listing the certificates from the Keystores, Go to bin directory of Java library, It should have a Private-Cert entry in the List of the certificates.
Keytool -list -v -keystore <Keystore Name>
I am facing problem in creating the PKCS 12 file. I created self signed certificate using openssl (provided with git) via below mentioned commmands
Creating request and private key
openssl req -new -newkey rsa:2048 -nodes -keyout privatekey.key -out certificatereq.cer
Creating Certificate using the request and key
openssl x509 -req -days 365 -in certificatereq.cer -signkey privatekey.key -out selfsigned.crt
Upon creation of certificate I used it to create PKCS 12 file as mentioned in documentation above via below mentioned command
openssl pkcs12 -export -in selfsigned.crt -inkey privatekey.key -out outpkcs12file.p12 -name myname -CAfile thirdpartypublic.crt -caname mycaname -chain
but getting the error Error self signed certificate getting chain. I tried by installing the self signed certificate in my system also and getting the same error. If I remove the -chain (not sure what it does, but found few commands without -chain) agrument there is no output in terminal. The third party's certificate is CA signed.
I am trying to use push notifications through my nodejs server deployed in openshift rehat server. I could not find any documentation/discussion to generate apns certificate in openshift.
I tried generating a certificate, but getting an error while generating CSR using this command
openssl genrsa -out sz.key 2048
Error: unable to write 'random state'
e is 65537 (0x10001)
After some googling, I see one option is to use aerogear. But I want to use my own server to handle the notifications.
Is there any other option to generate a certificate in openshift server?
Thanks developercorey for your help. But i still see the error.
Finally generated certificate for my openshift server using this script
openssl x509 -in aps_production.cer -inform DER -out myProdCert.pem
The private key associated with the SSL certificate can be exported from the Keychain Access application on your Mac computer. - mykey.p12
openssl pkcs12 -in mykey.p12 -out myProdKey.pem -nodes -clcerts
openssl s_client -connect gateway.push.apple.com:2195 -cert myProdCert.pem -key myProdKey.pem
Hopefully this will help somebody.
Try this command:
HOME=~/app-root/data/ openssl genrsa -out sz.key 2048
Basically it is trying to write some temp data into your $HOME, but you can't write to that directory, so it won't work, but it does give somewhat of a cryptic error message.