OpenSSL error generating a CSR from a private key

Question

I have got a private key that I have exported from our .p12 file. The key has been used to successfully sign the application itself.

Now I need to generate a CSR from the key. This site advises using the following command for the task:

req -out CSR.csr -key privateKey.key -new

This yields the following error:

unable to load Private Key

6420:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1319:

6420:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:.\crypto\asn1\tasn_dec.c:831:

6420:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:751:Field=version, Type=RSA

6420:error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib:.\crypto\rsa\rsa_ameth.c:115:

6420:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1319:

6420:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:.\crypto\asn1\tasn_dec.c:831:

6420:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:751:Field=version, Type=PKCS8_PRIV_KEY_INFO

6420:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:.\crypto\pem\pem_pkey.c:132: error in req

The error is the same as if I try

rsa -noout -text -in privateKey.key

The file does exist. What am I doing wrong and how can I fix it?

Answer 1

An alternative solution that did work.

1, Create a .pem file from the original .p12 (enter password when prompted)

openssl pkcs12 -in my.p12 -nocerts -out my.pem -nodes

2, Create the request from the .pem:

openssl req -new -key my.pem -out my.csr

You will be prompted to enter country, state, locality, organisation, unit and common names and your e-mail address, and extra attributes (challenge password and optional company name).

Done.

EDIT: also on CERN Certificate Authority's Prepare renewal certificate signing request(CSR) with OpenSSL.