StartSSL Private Key import failed

 
Post new topic   Reply to topic    Aprelium Forum Index -> SSL/Certificates
View previous topic :: View next topic  
Author Message
mihaidobos
-


Joined: 10 May 2013
Posts: 3

PostPosted: Fri May 10, 2013 9:50 am    Post subject: StartSSL Private Key import failed Reply with quote

Hello,

I get an error when i try to import a SSL private key generated by StartSSL.
Error is "bad decrypt - PEM_do_header - 906a065"

Certificate key starts/ends with following headers. I removed sensitive information.

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC, (//stripped down//)
//stripped down//
-----END RSA PRIVATE KEY-----

I am able to generate keys and add self-signed/3rd part signed certificates based on the generated keys and fully configure HTTPS use on Abyss.

However I want to import the private key to be used with a certificate that is trusted and not returns warnings in users's browsers.

Any ideas guys?

Thx,

./MD
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 916

PostPosted: Mon May 13, 2013 6:11 pm    Post subject: Re: StartSSL Private Key import failed Reply with quote

mihaidobos,

This private key is encrypted and requires that you enter a password each time the server loads it.

Encrypted private keys are not supported by Abyss Web Server as it has to be able to run unattended while such keys require user interaction to be usable.

It should be converted to an unencrypted form. Please contact out technical support by email for detailed instructions on how to do so.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
mihaidobos
-


Joined: 10 May 2013
Posts: 3

PostPosted: Mon May 13, 2013 8:29 pm    Post subject: Re: StartSSL Private Key import failed Reply with quote

Thanks for the tip, didn't realize the error refers to that.

I will do a search and try to do the operation myself, I don't want to abuse technical support's time as I am using the free version of the software.

Best regards


admin wrote:
mihaidobos,

This private key is encrypted and requires that you enter a password each time the server loads it.

Encrypted private keys are not supported by Abyss Web Server as it has to be able to run unattended while such keys require user interaction to be usable.

It should be converted to an unencrypted form. Please contact out technical support by email for detailed instructions on how to do so.
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 916

PostPosted: Tue May 14, 2013 11:31 am    Post subject: Re: StartSSL Private Key import failed Reply with quote

mihaidobos wrote:
I don't want to abuse technical support's time as I am using the free version of the software.


Your support request will be welcome. And our tech. support is free so why not using it? (abusers are those who send us 10 questions a day without even bothering reading what our replies.)
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
mihaidobos
-


Joined: 10 May 2013
Posts: 3

PostPosted: Wed May 15, 2013 11:04 am    Post subject: Re: StartSSL Private Key import failed Reply with quote

admin wrote:
mihaidobos wrote:
I don't want to abuse technical support's time as I am using the free version of the software.


Your support request will be welcome. And our tech. support is free so why not using it? (abusers are those who send us 10 questions a day without even bothering reading what our replies.)


Thank you for your help - you guys do an excellent job, but got it fixed.

For anybody who hits the same problem, you need openssl and perform the decryption operation. Then import will work.

Code:
openssl rsa –in enc.key -out dec.key
Enter pass phrase for enc.key:      -> Enter passphrase
writing RSA key...


Overall it's an easier process to generate a private key in Abyss and based on that key get a Certificate Signing Request (CSR). Based on this you get a certificate for which you already own the private key.

As a best practice, you should also export your private key (copy&paste) to a secure area, so you don't have to revoke your certificate if you loose your Abyss server installation.
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> SSL/Certificates All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group