Could not extract the private key

book

Article ID: 207836

calendar_today

Updated On:

Products

CA App Synthetic Monitor

Issue/Introduction

When trying to create an HTTPS monitor that requires the use of a client certificate, we have receive the certificate and packaged it along with the private key into a .pem file. We uploaded the .pem file to the monitor and put the passcode in the password field. We also uploaded the CA Cert .crt file into the CA Cert field.  When we attempt to save the monitor it gives the following error:  

Could not extract the private key from the client certificate. SSL routines report: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag

Environment

CA App Synthetic Monitor

Resolution

1) Make sure to use a P12 PEM format file.

2) Make sure to use “openssl pkcs12 -in <cert chain filename> -inkey <key filename> -export -out <.pfx filename>“ command to package the Certificate chain and private key into a .pfx file and then used “openssl pkcs12 -in <.pfx filename> -out <.pem filename> -nodes“ command to convert the .pfx to a .pem file.

3) Try to use a certificate without the chain and again with the full chain (root, intermediate, and cert).

4) Try to use the .pfx file instead of the .pem file.