Can't get private key with openssl (no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY)

linux openssl ssl-certificate private-key
helado picture helado · Jul 25, 2015 · Viewed 140.4k times · Source

I have a .key file, when I do

openssl rsa -text -in file.key

I get

unable to load Private Key
140000419358368:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY

Also I have a .cer file and when I do

openssl x509 -text -in file.cer

I get 

unable to load certificate
140387178489504:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE

But if as pointed here I run the command like:

openssl x509 -text -inform DER -in file.cer

I get

Certificate:
    Data:
        Version: 3 (0x2)
        Some more information
        ...
-----BEGIN CERTIFICATE-----
MIIEdDCCA1ygAwIBAgIUMjAwMDEwMDAwMDAxMDAwMDU4NjcwDQYJKoZIhvcNAQEF
...
-----END CERTIFICATE-----

But that doesn't seem to work with the key, because when I run

openssl rsa -text -inform DER -in aaa010101aaa__csd_10.key

I get 

unable to load Private Key
140004844304032:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1337:
140004844304032:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:849:
140004844304032:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:769:Field=version, Type=RSA
140004844304032:error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib:rsa_ameth.c:115:
140004844304032:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1337:
140004844304032:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:849:
140004844304032:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:769:Field=version, Type=PKCS8_PRIV_KEY_INFO

How can I get the private key and its certificate?

Answer

Aaron Queenan picture Aaron Queenan · Jun 12, 2018

I ran into the 'Expecting: ANY PRIVATE KEY' error when using openssl on Windows (Ubuntu Bash and Git Bash had the same issue).

The cause of the problem was that I'd saved the key and certificate files in Notepad using UTF8. Resaving both files in ANSI format solved the problem.

Related questions

Using openssl to get the certificate from a server

I am trying to get the certificate of a remote server, which I can then use to add to my keystore and use within my java application. A senior dev (who is on holidays :( ) informed me I can run this: …

Read More
Openssl : error "self signed certificate in certificate chain"

When I used openssl APIs to validate server certificate (self signed), I got following error : error 19 at 1 depth lookup:self signed certificate in certificate chain As per openssl documentation, this error (19) is "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: …

Read More
How to determine SSL cert expiration date from a PEM encoded certificate?

If I have the actual file and a Bash shell in Mac or Linux, how can I query the cert file for when it will expire? Not a web site, but actually the certificate file itself, assuming I have the …

Read More