On Fri, Dec 26, 2003 at 01:55:42AM +0100, Valentin Vidic wrote: > On Fri, Dec 26, 2003 at 12:18:24AM +0000, Antony Gelberg wrote: > > Dec 26 00:09:44 mailhost Pluto[4416]: loaded private key file > > '/etc/ipsec.d/private/mailhostKey.pem' (1751 bytes) > > Dec 26 00:09:44 mailhost Pluto[4416]: file coded in unknown format, > > discarded > > Dec 26 00:09:44 mailhost Pluto[4416]: "/etc/ipsec.secrets" line 1: error > > loading RSA private key file > > That looks nasty. You better sort that out first. Perhaps you can find > some test certificates online and try with them. My private key file > looks like this: > > -----BEGIN RSA PRIVATE KEY----- > Proc-Type: 4,ENCRYPTED > DEK-Info: ... > > some lines with encrypted key > > -----END RSA PRIVATE KEY-----
Mine too. > > mailhost:~# cat /etc/ipsec.secrets > > : RSA /etc/ipsec.d/private/mailhostKey.pem "xxx" > > My ipsec.secrets looks similar... > > > Note that the xxx is really the "export password" that I gave when I > > generated the key. > > Try doing 'openssl des -d -in mailhostKey.pem' to see if that xxx > really works. It didn't work. I tried it on a newly-generated key as well. mailhost:/usr/local/sslca# openssl des -d -in ./newreq.pem enter des-cbc decryption password: bad magic number What could be wrong? The password that I'm entering is the one that CA.sh prompts me with with "Enter PEM pass phrase:". A
