RE: Export/Move Certificate failure

Thu, 03 Sep 2009 15:11:56 -0700 

> From: owner-openssl-us...@openssl.org On Behalf Of mitch355
> Sent: Tuesday, 01 September, 2009 11:35

> I've installed my certificate for my apache server and now 
> want to export/move the certificate for the Tomcat server on 
> the same machine.  I'm using the following command:
> 
> bin\openssl pkcs12 -export -in \xampp\apache\conf\ssl.crt\apache.crt 
>        -inkey \xampp\apache\conf\ssl-key\server.key -out
> \xampp\tomcat\conf\key\tomcat.p12 
>        -name tomcat -chain -CAfile 
> \xampp\apache\conf\ssl.crt\gd_bundle.crt 
>        -passout pass:changeit
> 
> The command fails with the following error:
> 
Line breaks corrected as best I can:

> Loading 'screen' into random state - done 
> Error opening private key \xampp\apache\conf\ssl-key\server.key
> 4364:error:02001003:system library:fopen:No such process:
.\crypto\bio\bss_file.c:356:fopen('\xampp\apache\conf\ssl-key\server.key','r
b')
> 4364:error:20074002:BIO routines:FILE_CTRL:system
lib:.\crypto\bio\bss_file.c:358:
> unable to load private key
> 
> The server.key that I've got in the command is the server.key 
> that I received with my certificate.  Now in looking at the 

You didn't generate it yourself, you received it from someone?
I sure hope they're trustworthy!

> OpenSSL docs it looks like that file might need to be in a 
> pem format.  Can anyone confirm that? 
> If that's the case how do I generate the pem file from my 
> server.key?  Any help would be appreciated.

Yes, openssl pksc12 -export wants PEM files.
If you actually have a DER file of an RSA privatekey 
  openssl rsa -in key.der -inform der -out key.pem
For other kinds of privatekeys, ask again. The cert(s) 
also must be PEM, and can be converted with openssl x509.

But the error messages you quoted don't occur for DER 
(only "unable to load" with no explanation).
openssl is clearly getting a runtime/library error on fopen, 
but I've never seen "No such process" (ESRCH 3) on a file.
Are you maybe using some kind of hidden links, or 
mount points, or something like that? Are you sure you're 
using the correct pathnames? Try copying the files into 
a working directory first and operating on those copies.




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to