We need to deploy SSL certificate provided by certificate authority.
During implementation we get the following error:
140029853058976:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:341:
Enter pass phrase for /tmp/capckey.key:
unable to load private key
140029853058976:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:592:
140029853058976:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:p12_decr.c:108:
140029853058976:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:139:
140029853058976:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:141:
error in pkcs12
or the following error:
... java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
Release : all PM releases
Component : PM Web UI Administration/Configuration
Private key format incorrect or key encrypted
REQUIREMETNS:
- both files (certificate and key ) must be in PEM format
- files cannot be encrypted
- private key must be in PKCS#8 standard
1. Verify if certificate is matching the key by comparing the modulus:
openssl x509 -noout -modulus -in cert.pem | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
Outputs must be identical.
2. Make sure the files are in PEM format
Open them with text editor and make sure you see the following liens in them:
3. Make sure key is not encrypted.
If you see the following lines in the key file:
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
key is encrypted and must be decrypted to be used by SSL Configuration Tool.
4. Make sure key is in PKCS#8 standard
If you see the following lines in the key file:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
file is in PKCS#1 standard
openssl x509 -inform der -in certificate.cer -out certificate.pem
openssl rsa -inform der -in SERVER.key -out SERVER_pem.key