> From: owner-openssl-us...@openssl.org On Behalf Of Jeremy Bennett
> Sent: Thursday, 10 June, 2010 23:03
> I'm having a heck of a time trying to get a renewed cert
> loaded up into Tomcat for our CAS system. It keeps saying
> 'unable to load private key'. It's worked before but this
> time we have a renewed cert. Anyone have any ideas?
>
> > sudo openssl pkcs12 -in nbic.pfx -clcerts -nokeys -out publicCert.pem
> [sudo] password for jbennett:
> Enter Import Password:
> MAC verified OK
> > sudo openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in nbic.com.crt
> -inkey publicCert.pem -out keystore.tomcat -name tomcat -passout pass:*******
> unable to load private key
>
(Aside: crazily long prompt snipped)

That makes no sense and can't ever have worked.
You extract some cert (I guess the existing/old one)
*without* privatekey into publicCert.pem and then
try to use that as the privatekey.

You've mixed up something. If nbic.pfx contains the privatekey
and nbic.com.crt is a (new) cert for that key (e.g. your 'renewed'
cert re-used the old keypair)
  openssl pkcs12 -in nbic.pfx -nocerts -out somefile
  # and use that file for -inkey on the -export then delete it

But please don't call it publicCert, that's horribly confusing,
call it something like nbic.key or mykey or mykey.pem etc.
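
The procedure from the reply above, as an added example that is not part of the original thread: extract only the private key from the old PKCS#12, confirm the renewed certificate really was issued for that key, export, and delete the key file. The file names are the thread's; the function names `cert_matches_key` and `export_with_old_key` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. nbic.pfx, nbic.com.crt, gd_bundle.crt and
# keystore.tomcat are the thread's file names; the function names are assumptions.

# Succeed only if the certificate ($1) carries the public key of the private
# key ($2). Returns 2 when either file cannot be parsed, e.g. when a
# certificate is passed where a key is expected, as in the failing command.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage: export_with_old_key old.pfx new.crt ca_bundle.crt out.p12
# Runs in a subshell so umask and trap do not leak into the caller.
export_with_old_key() (
    umask 077                        # key file readable by owner only
    key_file=$(mktemp) || exit 1
    trap 'rm -f "$key_file"' EXIT    # delete the extracted key in every case

    # Private key only (-nocerts); openssl prompts for the passwords.
    openssl pkcs12 -in "$1" -nocerts -out "$key_file" || exit 1

    if ! cert_matches_key "$2" "$key_file"; then
        echo "cannot confirm that $2 matches the private key in $1" >&2
        exit 1
    fi

    openssl pkcs12 -export -chain -CAfile "$3" -in "$2" \
        -inkey "$key_file" -out "$4" -name tomcat
)

# export_with_old_key nbic.pfx nbic.com.crt gd_bundle.crt keystore.tomcat
```

Because the passwords are prompted for rather than passed with `-passout pass:...`, they stay out of the process list and shell history. If the renewal generated a new keypair, the match check fails before any keystore is written.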