If you run the following, does it dump out the certificate etc. or display an error?
openssl x509 -in privkey.pem -text -noout
If an error is displayed then the file isn't the correct format.
Does the file include the private key?
The format should be something like the following.
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
There may be bag attributes and key attributes also.
When I run openssl x509 -in privkey.pem -text -noout I get an error:
unable to load certificate
7796:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
So I tried this. I also have a *.pfx file, so first I ran this cmd:
openssl pkcs12 -in cert.pfx -out privkey.pem
Then ran openssl x509 -in privkey.pem -text -noout.
Output was:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            d1:fe:48:49:d0:6d:c3:e5
    Signature Algorithm: sha512WithRSAEncryption
        Issuer: CN=XXX
        Validity
            Not Before: Jun 22 07:51:41 2016 GMT
            Not After : Jun 22 07:51:41 2018 GMT
        Subject: CN=XXX
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:5A:D8:30:CC:C3:A6:65:6C:48:CC:DB:BF:A9:B9:44:77:3E:C5:DC
            X509v3 Authority Key Identifier:
                keyid:E1:5A:D8:30:CC:C3:A6:65:6C:48:CC:DB:BF:A9:B9:44:77:3E:C5:DC
            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha512WithRSAEncryption
Finally I ran this cmd:
openssl pkcs12 -export -in privkey.pem -out new.pfx -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"
Finished with error:
unable to load private key
5024:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:701:Expecting: ANY PRIVATE KEY
I am now confused because we use this cert.pfx in our system and we don't have any problem.
Maybe I can send you test certificates and you can try it, because I have no clue what is bad.
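
A pre-check for the file layout described in the first post, as an added example that is not part of the thread: it lists the PEM block types a file contains and reports whether both a private-key block and a certificate block are present before openssl pkcs12 -export is tried. The function names and the sample file contents are constructed for illustration.

```shell
# Added example; function names are made up, sample bodies are placeholders.

# Print the label of every well-formed PEM block in file $1, skipping text
# outside blocks (Bag Attributes etc.). Exit status 2: BEGIN without its END.
pem_block_labels() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF files
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            if (cur != "") { bad = 1; exit }
            cur = substr($0, 12, length($0) - 16); next
        }
        /^-----END [A-Z0-9 ]+-----$/ {
            if (substr($0, 10, length($0) - 14) != cur) { bad = 1; exit }
            print cur; cur = ""
        }
        END { if (bad || cur != "") exit 2 }
    ' "$1"
}

# 0 = private key and certificate present, 1 = no private key block,
# 3 = no certificate block, 2 = malformed PEM.
pem_ready_for_export() {
    labels=$(pem_block_labels "$1") || return 2
    printf '%s\n' "$labels" | grep -Eq '^((ENCRYPTED|RSA|EC) )?PRIVATE KEY$' || return 1
    printf '%s\n' "$labels" | grep -Eq '^CERTIFICATE$' || return 3
}

# Write two constructed samples into directory $1.
write_samples() {
    cat > "$1/bundle.pem" <<'EOF'
Bag Attributes
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
(constructed placeholder)
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
EOF
    sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' "$1/bundle.pem" > "$1/certonly.pem"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in bundle.pem certonly.pem; do
    rc=0; pem_ready_for_export "$demo_dir/$f" || rc=$?
    echo "$f: $(pem_block_labels "$demo_dir/$f" | tr '\n' ',') status=$rc"
done
```

A status of 1 means the file holds no private-key block; 2 means the file is truncated or a block is not closed.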