SSL certificate generated with OpenSSL not working on NSS

StackOverflow https://stackoverflow.com/questions/22499425

Question

I have SSL certificate ( key.pem, cacert.pem, pcert.pem ) generated with OpenSSL on Linux Mint machine. Now I'm trying to move my application to another server where is installed Fedora 18 with NSS.

cURL is returning this error:

unable to load client key: -8178 (SEC_ERROR_BAD_KEY)

I tested again and on my computer is working fine but on server not. I think it's because I used OpenSSL to generate certificates but on server is installed NSS.

I can't find how to generate certificates with "certutil" or with "openssl" to be valid with NSS.

Was it helpful?

Solution

The failure was due to my PKCS#8 private key format:
- With a PKCS#8 private key
-----BEGIN ENCRYPTED PRIVATE KEY----- header
or
-----BEGIN PRIVATE KEY----- header
curl+openssl works, but not curl+nss+libnsspem.so
- With a RSA private key
-----BEGIN RSA PRIVATE KEY----- header
both curl+openssl and curl+nss+libnsspem.so work.

So use this command openssl rsa -in key.pem -out newkey.pem to remove the pass phrase on an RSA private key:

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top