-1

I have installed openssl and keytool and set the path variables too. I want to generate the PKCS12 file from primary key and certificate files(.pem files) and then convert that into a JKS file. When I run a command in the openssl program pkcs12 -export -in certificate.pem -inkey privateKey.pem -certfile certificate.pem -out testkeystore.p12 I get following message-

unable to load private key
28616:error:0D0E20DE:asn1 encoding routines:c2i_ibuf:illegal zero content:crypto\asn1\a_int.c:154:
28616:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto\asn1\tasn_dec.c:646:Field=version, Type=PKCS8_PRIV_KEY_INFO
28616:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto\pem\pem_pkey.c:88:

What is going wrong here?

I have stored the both .pem files at C:\CertFiles The path variable is also set to - C:\Program Files\OpenSSL-Win64\bin Please see image below- enter image description here

dave_thompson_085
  • 34,712
  • 6
  • 50
  • 70
user11
  • 1
  • 1
  • *Obviously* `privateKey.pem` doesn't exist in the current working directory. But you can't generate JKS from the `openssl` tool. You have to use the Java `keytool` to generate JKS files. But as the Java default keystore format is no longer JKS but PKCS#12 what exactly is the point? – user207421 Aug 23 '23 at 09:52
  • thanks for the reply. I am not proficient in openssl/keytool. we have been given steps to generate JKS file. I am following that to create the JKS file. Please look at the link given below and guide if possible. https://docs.servicenow.com/bundle/rome-platform-administration/page/administer/integrationhub-store-spokes/task/create-jks-google.html – user11 Aug 23 '23 at 10:02
  • Also, as per the document first we want to create a PKCS file using openssl command and convert it into JKS file using keytool. I am stuck at step one. I have downloaded the keytoo too. – user11 Aug 23 '23 at 10:19
  • I saved those privateKey and Certificate.pem files to this location : C:\CertFiles. Now when I run the command I see this error. Please see image. – user11 Aug 23 '23 at 10:42
  • @user207421+ privatekey file _missing_ would give a very different error; this is a file that exists and even has valid PEM labels but whose actual content is wrong. Either Google has changed something relevant here and that doc page is out of date (as it warns) -- but given PKCS8 is standard I doubt that -- or you (Kalyani) did something wrong. Unfortunately I doubt we can tell what without looking at the file in detail, which we can't do in an open forum because making that file's content public destroys your security. Plus it's not clear this is ontopic; there's already one vote it's not. – dave_thompson_085 Aug 23 '23 at 13:41
  • @dave_thompson_085 The error message is "Can't open privateKey.pem for reading, No such file or directory." It could hardly be more clear. What other error message do you have in mind? – user207421 Aug 23 '23 at 22:42
  • @user207421: unless Stack is somehow showing you a different Q then it does to me, there is no such error message nor anything remotely like it. _I_ see `unable to load private key` then 3 lines in `ERR_print_errors` format with codes `0D0E20DE 0D08303A 0907B00D` followed in the linked imgur image (but not the Q text) by `error in pkcs12` (meaning the _subcommand_ `pkcs12`). – dave_thompson_085 Aug 24 '23 at 03:15

0 Answers0