Dave
Reputation: 407
OpenSSL Private Key Error when creating P12 Certificate
I am trying to create a P12 certificate from some existing .der files that were created from OpenSSL.
When I tried running the command below, I got an error.
C:\Windows\system32>openssl pkcs12 -export -out bundle.p12 -inkey <PATH>/PrivKey.der -in <PATH>/ClientSignedCert.der -certfile <PATH>/CACert.der
The error I received:
Loading 'screen' into random state - done
unable to load private key
5688:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib
.c:696:Expecting: ANY PRIVATE KEY
I don't understand this. I am giving OpenSSL a private key (PrivKey.der). What could be the cause of this error?
OpenSSL 1.0.1 14 Mar 2012 (Library: OpenSSL 1.0.1c 10 May 2012)
Windows 7 Professional.
Upvotes: 5
Views: 39594
Answers (1)
dkalyvas
Reputation: 41
According to the openssl PKCS12 documentation, your -in, -inkey and certfile files has to be in PEM format.
To convert a certificate from DER to PEM:
x509 –in ClientSignedCert.der –inform DER –out ClientSignedCert.crt –outform PEM
x509 –in CACert.der –inform DER –out CACert.crt –outform PEM
To convert a key from DER to PEM:
rsa –in PrivKey.der –inform DER –out PrivKey.key –outform PEM
Upvotes: 4
Related Questions
- Creating a .p12 file
- No certificate matches private key while generating .p12 file
- An openssl p12 certificate is not made like with Windows
- openssl Unable to load private key PEM_do_header:bad decrypt
- Getting "No certificate matches private key"
- Error creating an SSL Certificate
- getting an error while generating ssl certificates
- Error when check private key with certificate
- Private key generated by openssl does not satisfy n = p * q
- How to create p12 file from Private key file?