Issues setting up SSL, keep getting "no valid, non-passphrase-protected keys given" error

I obtained a security certificate on StartSSL.com and followed the steps on Heroku closely. I was given intermediate as well as root certificates.

I tried different methods to chain these files, but I get this error (see screenshot):

http://i.imgur.com/8WVmAVu.jpg

How can I fix this error?

The files that I downloaded are:

ca.pem (root cert)
sub.class1.server.ca.pem (intermediate cert)
copied and pasted the private key as server.key
copied and pasted the certificate as server.orig.crt
There's also the ca-bundle.pem that I tried using, but no luck

I just redownloaded all of the files and ran "cat server.orig.crt sub.class1.server.ca.pem ca-bundle.pem > server.crt". Then I ran "heroku certs:add server.crt server.key" and I get this error:

Unable to read server.crt file

Additionally, I just tried without any cat and simply ran "heroku certs:add ca-bundle.pem server.key", and I get this error:

No certificate given is a domain name certificate
user2159586 asked Mar 19 '13 09:03


1 Answer

A PEM-encoded certificate chain suitable for installation on Heroku should consist of, in order: site, intermediate, then root PEM-encoded certificates.

cat server.orig.crt sub.class1.server.ca.pem ca.pem > heroku.crt

It looks to me more like a problem with your private key -- you need to make sure the PEM file isn't encrypted with a passphrase, and that it is the same key pair used to generate the cert. The head of the private key will look like this if encrypted:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
...

instead of just:

-----BEGIN RSA PRIVATE KEY-----
MIICaQIBAAKBhACxlzv7H57F+vapTjqS9qdfDg20RjwFFU1B3yK8SqN7rX0jpjsW
H3B2lhCqKPWd2To2LoOolhnsFbr5qlKK3ep/nuUZfkx1aOIg4L0FgzbuCSJfKE5B
...

In the former case, run (Linux, Mac OS):

openssl rsa -in server.key -out server.unencrypted.key

and enter the passphrase when prompted. Then use server.unencrypted.key in the call to heroku to add the cert.

Johnny C answered Oct 25 '22 19:10
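
The checks described in the answer above can be scripted before calling heroku certs:add. This is an added example, not part of the original answer or of Heroku's tooling; the function names are assumptions, and it expects openssl on the PATH.

```shell
#!/bin/sh
# Added example: pre-flight checks for a key/chain pair before `heroku certs:add`.
# File names follow the thread; the function names are assumptions.

# Succeeds if the PEM key file is passphrase-protected.
# The traditional format carries a "Proc-Type: 4,ENCRYPTED" header;
# PKCS#8 uses a "BEGIN ENCRYPTED PRIVATE KEY" label instead.
key_is_encrypted() {
    grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# Number of PEM certificates in a chain file.
chain_cert_count() {
    grep -c '^-----BEGIN CERTIFICATE-----' "$1"
}

# Succeeds if the key and the FIRST certificate in the file share a public key.
# openssl x509 reads only the first PEM block, so this also catches a chain
# concatenated in the wrong order (intermediate or root ahead of the site cert).
key_matches_first_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Run all checks; print one line per finding and return non-zero on failure.
preflight() {
    key=$1 chain=$2 rc=0
    [ -r "$key" ] && [ -r "$chain" ] || { echo "FAIL: cannot read $key or $chain"; return 1; }
    if key_is_encrypted "$key"; then
        echo "FAIL: $key is passphrase-protected; decrypt it first"; rc=1
    elif ! key_matches_first_cert "$key" "$chain"; then
        echo "FAIL: first certificate in $chain does not match $key"; rc=1
    fi
    [ "$(chain_cert_count "$chain")" -ge 1 ] || { echo "FAIL: no certificate in $chain"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $key and $chain look consistent"
    return "$rc"
}

# Usage: sh preflight.sh server.unencrypted.key heroku.crt
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Because openssl x509 reads only the first certificate in a file, a chain that starts with the intermediate or root fails the key-match check even when the site certificate is present further down.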