OpenSSL unable to load certificate on backend

I created my SSH key accordingly:

ssh-keygen -t rsa -C "[email protected]"

This will give me two files:

myKey.key.pub
myKey.key

Then to convert to pem format I run the command:

ssh-keygen -f myKey.key.pub -e -m pem > myKey.pem

The myKey.pem is the file to be provided for the backend C program.

However, I have been stuck with a similar error:

unable to load certificate
140387178489504:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE

So, I have followed the steps:

openssl rsa -text -in file.key -inform DER
openssl pkcs8 -in file.key -inform der

I also checked some other comments and suggestions. But the problem still continues:

error:0D0680A8:ASN1 encoding routines:ASN1CHECK_TLEN:wrong tag:tasn_dec.c:1338
error:0D07803A:ASN1 encoding routines:ASN1CHECK_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:390:Type=X509_SIG

This certificate will be used with a back-end. Or is the way to get the pem file to actually create and edit it manually? If so, where does the certificate part come from?

Any suggestions where my mistake might be? All comments are highly welcome :)

Upvotes: 1

Views: 4862

Answers (1)

cristallo

Reputation: 2089

It could happen when your key is password-protected.

You have to decrypt it:

$ openssl rsa -in protected.key -out unprotected.key

Then you have to create a new .pem file:

$ cat unprotected.key yourcert.crt > yourcert.pem

I also suggest you check your key and cert files for line endings (openssl does not like Windows ones) and a BOM mark.

Make sure that your certificate is Windows "compatible", most importantly that it doesn't have ^M at the end of each line.

If you open it, it will look like this:

-----BEGIN CERTIFICATE-----^M
MIIDITCCAoqgAwIBAgIQL9+89q6RUm0PmqPfQDQ+mjANBgkqhkiG9w0BAQUFADBM^M

To solve "this", open it with Write or Notepad++ and have it convert it to Windows "style".

Upvotes: 2
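
The checks raised in this thread (which PEM block the file really contains, a BOM, CRLF line endings, a passphrase-protected key) can be run over a file in one pass; this Python diagnostic is an added example, not part of the original question or answer. An RSA key exported with `ssh-keygen -e -m pem` carries an `RSA PUBLIC KEY` block rather than a certificate, which is the case the first check reports. The function names and sample data are constructed, and the label set assumes the certificate PEM headers OpenSSL accepts.

```python
import re
import sys

BOM = b"\xef\xbb\xbf"
BEGIN = re.compile(rb"^-----BEGIN ([A-Z0-9 ]+)-----[ \t\r]*$", re.M)
# PEM labels OpenSSL's X.509 loader accepts as a certificate.
CERT_LABELS = {"CERTIFICATE", "TRUSTED CERTIFICATE", "X509 CERTIFICATE"}


def inspect_pem(data: bytes) -> dict:
    """Summarise the properties of a PEM file discussed in this thread."""
    has_bom = data.startswith(BOM)
    body = data[len(BOM):] if has_bom else data
    labels = [m.group(1).decode("ascii") for m in BEGIN.finditer(body)]
    return {
        "labels": labels,
        "has_certificate": any(l in CERT_LABELS for l in labels),
        "bom": has_bom,
        "crlf": b"\r\n" in body,
        # Traditional encrypted keys carry a Proc-Type header; PKCS#8 uses its own label.
        "encrypted_key": b"Proc-Type: 4,ENCRYPTED" in body
        or "ENCRYPTED PRIVATE KEY" in labels,
    }


def problems(data: bytes) -> list:
    """Return human-readable reasons a certificate load may fail."""
    r = inspect_pem(data)
    out = []
    if not r["has_certificate"]:
        out.append("no certificate block, found: " + (", ".join(r["labels"]) or "nothing"))
    if r["bom"]:
        out.append("UTF-8 BOM before the first line")
    if r["crlf"]:
        out.append("CRLF line endings")
    if r["encrypted_key"]:
        out.append("private key is passphrase-protected")
    return out


# Constructed samples; the base64 body is a placeholder, not real key material.
BODY = b"Q09OU1RSVUNURUQ=\n"
SAMPLE_PUBKEY = b"-----BEGIN RSA PUBLIC KEY-----\n" + BODY + b"-----END RSA PUBLIC KEY-----\n"
SAMPLE_CERT = b"-----BEGIN CERTIFICATE-----\n" + BODY + b"-----END CERTIFICATE-----\n"
SAMPLE_CERT_WIN = BOM + SAMPLE_CERT.replace(b"\n", b"\r\n")

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PUBKEY
    print("\n".join(problems(data)) or "looks like a clean PEM certificate")
```

Run it with the path of the file handed to the backend as the only argument; with no argument it checks the constructed public-key sample.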
