Symptoms:
When adding a certificate in PKCS12 format, you first have to extract the private key and certificate from the PKCS12 file using OpenSSL. To do this:
- Copy the PFX or P12 file to the same location as your OpenSSL program (or specify the location in the command line).
- Type this command to extract the contents of the PKCS12 file and save them as a .pem file:
  openssl pkcs12 -in PKCS12file -out keys_out.pem
- After entering the above command you will receive these prompts:
- Enter Import Password: (this is the password that was used when the PKCS12 file was created)
- MAC verified OK
- Enter PEM pass phrase: (this is the private key password)
- Verifying - Enter PEM pass phrase: (confirm the private key password)
- The private key, certificate, and any chain files (roots) will be parsed and dumped into the "keys_out.pem" file.
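As an added example (not part of the original article or of any VMware tooling), this script lists the PEM block types found in keys_out.pem and separates the private key from the certificates so each can be supplied on its own. The function names, output file names and the sample bundle are assumptions constructed for illustration.

```shell
# Added example: split the bundle written by `openssl pkcs12 ... -out keys_out.pem`.

# Print the label of every PEM block, in file order.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Print the PEM blocks whose label ends in $2 ("PRIVATE KEY" or "CERTIFICATE"),
# dropping the "Bag Attributes", "subject=" and "issuer=" lines between blocks.
pem_extract() {
    awk -v want="$2" '
        /^-----BEGIN / {
            label = $0
            sub(/^-----BEGIN /, "", label); sub(/-----$/, "", label)
            n = length(label) - length(want)
            keep = (n >= 0 && substr(label, n + 1) == want)
        }
        keep { print }
        /^-----END / { keep = 0 }
    ' "$1"
}

# Constructed sample bundle; the bodies are placeholders, not real key material.
make_sample() {
    cat > "$1" <<'EOF'
Bag Attributes
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END ENCRYPTED PRIVATE KEY-----
subject=CN = edge.example.test
issuer=CN = Example Test CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
subject=CN = Example Test CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUk9PVA==
-----END CERTIFICATE-----
EOF
}

# Usage: sh split_pem.sh keys_out.pem (output file names are assumptions)
if [ "$#" -ge 1 ]; then
    umask 077   # keep the extracted key readable by the owner only
    pem_labels "$1"
    pem_extract "$1" "PRIVATE KEY" > key_only.pem
    pem_extract "$1" "CERTIFICATE" > certs_only.pem
fi
```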
When you insert the certificate and private key into the NSX Edge, you get the error "Error - Invalid Passphrase", even though the passphrase is correct.
![](https://api-broadcomcms-software.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=1512730350906)
In the NSX Manager vsm.log file, you see entries similar to:
2019-08-29 13:00:17.191 GMT WARN http-nio-127.0.0.1-7441-exec-9 RemoteInvocationTraceInterceptor:87 - Processing of VsmHttpInvokerServiceExporter remote call resulted in fatal exception: com.vmware.vshield.vsm.truststore.facade.TrustStoreFacade.addCertificates com.vmware.vshield.vsm.truststore.exceptions.InvalidDataException: core-services:2017:Invalid passphrase