I have a .key file, when I do
我有一个。key文件
openssl rsa -text -in file.key
openssl rsa -文本-文件。
I get
我得到
unable to load Private Key
140000419358368:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY
Also I have a .cer file and when I do
我还有一个。cer文件
openssl x509 -text -in file.cer
openssl x509 -文本文件
I get
我得到
unable to load certificate
140387178489504:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
But if as pointed here I run the command like:
但是,如果我在这里像这样运行命令:
openssl x509 -text -inform DER -in file.cer
openssl x509 -text -inform DER in file.cer
I get
我得到
Certificate:
Data:
Version: 3 (0x2)
Some more information
...
-----BEGIN CERTIFICATE-----
MIIEdDCCA1ygAwIBAgIUMjAwMDEwMDAwMDAxMDAwMDU4NjcwDQYJKoZIhvcNAQEF
...
-----END CERTIFICATE-----
But that doesn't seem to work with the key, because when I run
但这似乎对钥匙不起作用,因为当我跑的时候
openssl rsa -text -inform DER -in aaa010101aaa__csd_10.key
openssl rsa -text -inform DER -in aaa010101aaa__csd_10.key
I get
我得到
unable to load Private Key
140004844304032:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1337:
140004844304032:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:849:
140004844304032:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:769:Field=version, Type=RSA
140004844304032:error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib:rsa_ameth.c:115:
140004844304032:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1337:
140004844304032:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:849:
140004844304032:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:769:Field=version, Type=PKCS8_PRIV_KEY_INFO
How can I get the private key and its certificate?
如何取得私钥及其证书?
3 个解决方案
#1
8
It looks like you have a certificate in DER format instead of PEM. This is why it works correctly when you provide the -inform PEM command line argument (which tells openssl what input format to expect).
看起来您有一个DER格式的证书,而不是PEM。这就是为什么当您提供-inform PEM命令行参数(它告诉openssl需要什么输入格式)时,它可以正常工作。
It's likely that your private key is using the same encoding. It looks as if the openssl rsa command also accepts a -inform argument, so try:
您的私钥可能使用相同的编码。看起来openssl rsa命令也接受-inform参数,所以请尝试:
openssl rsa -text -in file.key -inform DER
A PEM encoded file is a plain-text encoding that looks something like:
PEM编码的文件是一种纯文本编码,看起来像:
-----BEGIN RSA PRIVATE KEY-----
MIGrAgEAAiEA0tlSKz5Iauj6ud3helAf5GguXeLUeFFTgHrpC3b2O20CAwEAAQIh
ALeEtAIzebCkC+bO+rwNFVORb0bA9xN2n5dyTw/Ba285AhEA9FFDtx4VAxMVB2GU
QfJ/2wIRANzuXKda/nRXIyRw1ArE2FcCECYhGKRXeYgFTl7ch7rTEckCEQDTMShw
8pL7M7DsTM7l3HXRAhAhIMYKQawc+Y7MNE4kQWYe
-----END RSA PRIVATE KEY-----
While DER is a binary encoding format.
而DER是二进制编码格式。
Update
更新
Sometimes keys are distributed in PKCS#8 format (which can be either PEM or DER encoded). Try this and see what you get:
有时密钥以PKCS#8格式分发(可以是PEM或DER编码)。试试这个,看看你能得到什么:
openssl pkcs8 -in file.key -inform der
#2
1
My two cents: came across the same error message in RHEL7.3 while running the openssl command with root CA certificate. The reason being, while downloading the certificate from AD server, Encoding was selected as DER instead of Base64. Once the proper version of encoding was selected for the new certificate download, error was resolved
我的两点:在使用根CA证书运行openssl命令时,在RHEL7.3中遇到了相同的错误消息。原因是,当从AD服务器下载证书时,编码被选择为DER而不是Base64。一旦为新证书下载选择了合适的编码版本,错误就被解决了
Hope this helps for new users :-)
希望这有助于新用户:-)
#3
0
On my execution of openssl pkcs12 -export -out cacert.pkcs12 -in testca/cacert.pem, I received the following message:
在我执行openssl pkcs12 -export cacert时。pkcs12——testca / cacert。pem,我收到如下信息:
unable to load private key 140707250050712:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY`
无法加载私有密钥140707250050712:错误:0906D06C:PEM例程:PEM_read_bio:no start line:pem_lib。c:701:预计:任何私钥
Got this solved by providing the key file along with the command. The switch is -inkey inkeyfile.pem
通过提供密钥文件和命令来解决这个问题。开关是-inkey inkeyfile.pem。
#1
8
It looks like you have a certificate in DER format instead of PEM. This is why it works correctly when you provide the -inform PEM command line argument (which tells openssl what input format to expect).
看起来您有一个DER格式的证书,而不是PEM。这就是为什么当您提供-inform PEM命令行参数(它告诉openssl需要什么输入格式)时,它可以正常工作。
It's likely that your private key is using the same encoding. It looks as if the openssl rsa command also accepts a -inform argument, so try:
您的私钥可能使用相同的编码。看起来openssl rsa命令也接受-inform参数,所以请尝试:
openssl rsa -text -in file.key -inform DER
A PEM encoded file is a plain-text encoding that looks something like:
PEM编码的文件是一种纯文本编码,看起来像:
-----BEGIN RSA PRIVATE KEY-----
MIGrAgEAAiEA0tlSKz5Iauj6ud3helAf5GguXeLUeFFTgHrpC3b2O20CAwEAAQIh
ALeEtAIzebCkC+bO+rwNFVORb0bA9xN2n5dyTw/Ba285AhEA9FFDtx4VAxMVB2GU
QfJ/2wIRANzuXKda/nRXIyRw1ArE2FcCECYhGKRXeYgFTl7ch7rTEckCEQDTMShw
8pL7M7DsTM7l3HXRAhAhIMYKQawc+Y7MNE4kQWYe
-----END RSA PRIVATE KEY-----
While DER is a binary encoding format.
而DER是二进制编码格式。
Update
更新
Sometimes keys are distributed in PKCS#8 format (which can be either PEM or DER encoded). Try this and see what you get:
有时密钥以PKCS#8格式分发(可以是PEM或DER编码)。试试这个,看看你能得到什么:
openssl pkcs8 -in file.key -inform der
#2
1
My two cents: came across the same error message in RHEL7.3 while running the openssl command with root CA certificate. The reason being, while downloading the certificate from AD server, Encoding was selected as DER instead of Base64. Once the proper version of encoding was selected for the new certificate download, error was resolved
我的两点:在使用根CA证书运行openssl命令时,在RHEL7.3中遇到了相同的错误消息。原因是,当从AD服务器下载证书时,编码被选择为DER而不是Base64。一旦为新证书下载选择了合适的编码版本,错误就被解决了
Hope this helps for new users :-)
希望这有助于新用户:-)
#3
0
On my execution of openssl pkcs12 -export -out cacert.pkcs12 -in testca/cacert.pem, I received the following message:
在我执行openssl pkcs12 -export cacert时。pkcs12——testca / cacert。pem,我收到如下信息:
unable to load private key 140707250050712:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY`
无法加载私有密钥140707250050712:错误:0906D06C:PEM例程:PEM_read_bio:no start line:pem_lib。c:701:预计:任何私钥
Got this solved by providing the key file along with the command. The switch is -inkey inkeyfile.pem
通过提供密钥文件和命令来解决这个问题。开关是-inkey inkeyfile.pem。