Could not extract the private key


Article ID: 207836


Updated On:


CA App Synthetic Monitor


When trying to create an HTTPS monitor that requires the use of a client certificate, we have receive the certificate and packaged it along with the private key into a .pem file. We uploaded the .pem file to the monitor and put the passcode in the password field. We also uploaded the CA Cert .crt file into the CA Cert field.  When we attempt to save the monitor it gives the following error:  

Could not extract the private key from the client certificate. SSL routines report: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag


CA App Synthetic Monitor


1) Make sure to use a P12 PEM format file.

2) Make sure to use “openssl pkcs12 -in <cert chain filename> -inkey <key filename> -export -out <.pfx filename>“ command to package the Certificate chain and private key into a .pfx file and then used “openssl pkcs12 -in <.pfx filename> -out <.pem filename> -nodes“ command to convert the .pfx to a .pem file.

3) Try to use a certificate without the chain and again with the full chain (root, intermediate, and cert).

4) Try to use the .pfx file instead of the .pem file.