6

When I run the command below to check my private-key PEM file, an error pops up

unable to load certificate 6300:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:703:Expecting: TRUSTED CERTIFICATE

command : C:\>openssl x509 -in C:\private-key.pem -text -noout

any idea?

sebs
  • 4,566
  • 3
  • 19
  • 28
Stephen Raj
  • 61
  • 1
  • 1
  • 3

2 Answers2

4

This happens mostly when your key is password-protected.

Firstly you have to decrypt it:

$ openssl rsa -in protected.key -out unprotected.key

Then you have to recreate your .pem file again:

$ cat unprotected.key yourcert.crt > yourcert.pem

After that you can issue all the commands you need. If you encounter any troubles trying stuff above, check your key and cert files for line endings (openssl does not like Windows ones) and BOM-mark.

xela
  • 49
  • 1
3

You are testing the private key and not the x509 certificate. Therefore openssl rsa (assuming it is rsa key) is to be used as in:

$ openssl rsa -in testkp.pem -text

This would print something like the following:

Private-Key: (2048 bit)
modulus:
....
publicExponent:
privateExponent:
...
prime1:
...
prime2:
....
exponent1:
...
exponent2:
....
coefficient:
.....
writing RSA key
..
....
Khanna111
  • 3,627
  • 1
  • 23
  • 25
  • 1
    error again **C:\>openssl rsa -in C:\private-key.pem -text** unable to load Private Key 10744:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1327: 10744:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_de c.c:381:Type=X509_ALGOR 10744:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\ tasn_dec.c:751:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO 10744:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:.\crypto\pem\pem_pkey.c:132: – Stephen Raj Feb 25 '15 at 06:14
  • when you open the pem file, what is the first line: does it say something akin to "RSA private key" – Khanna111 Feb 25 '15 at 06:17
  • How does it end as "END RSA PRIVATE KEY"? There is only one entry in that file, correct? – Khanna111 Feb 25 '15 at 06:40
  • yes..this is how it ends "-----END RSA PRIVATE KEY-----" – Stephen Raj Feb 25 '15 at 06:50
  • One last try: -sgckey option. See if that helps. – Khanna111 Feb 25 '15 at 07:00
  • also I am assuming that your file has only one entry which is the PK. – Khanna111 Feb 25 '15 at 07:03
  • You saved my day! – Andriy Lobashchuk Aug 28 '18 at 15:51