 

SSL certificate generated with OpenSSL not working on NSS

I have an SSL certificate (key.pem, cacert.pem, pcert.pem) generated with OpenSSL on a Linux Mint machine. Now I'm trying to move my application to another server where Fedora 18 with NSS is installed.

cURL is returning this error:

unable to load client key: -8178 (SEC_ERROR_BAD_KEY)

I tested again, and on my computer it works fine, but on the server it does not. I think it's because I used OpenSSL to generate the certificates, but NSS is installed on the server.

I can't find how to generate certificates with "certutil" or with "openssl" to be valid with NSS.

0x3d asked Mar 19 '14 07:03



1 Answer

The failure was due to my PKCS#8 private key format:

- With a PKCS#8 private key (-----BEGIN ENCRYPTED PRIVATE KEY----- header or -----BEGIN PRIVATE KEY----- header), curl+openssl works, but not curl+nss+libnsspem.so.
- With an RSA private key (-----BEGIN RSA PRIVATE KEY----- header), both curl+openssl and curl+nss+libnsspem.so work.

So use this command to remove the pass phrase on an RSA private key:

    openssl rsa -in key.pem -out newkey.pem

jfly answered Oct 05 '22 07:10
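
An added example, not part of the original answer and not code from curl or NSS: a shell helper that reports which of the PEM headers listed in the answer a key file carries and rewrites the key in the traditional RSA form. The function names are hypothetical; it assumes that on OpenSSL 3.x `openssl rsa` needs `-traditional` to emit the `BEGIN RSA PRIVATE KEY` header, since that version writes PKCS#8 by default.

```shell
#!/bin/sh
# Added example: classify a PEM private key by its header and rewrite it in
# the traditional "BEGIN RSA PRIVATE KEY" form that the answer reports as
# working with curl+nss+libnsspem.so. Function names are hypothetical.

# Print the encoding of the first private-key block in file $1.
# Certificates placed before the key in the same file are skipped.
pem_key_format() {
    header=$(sed -n '/^-----BEGIN .*PRIVATE KEY-----/{p;q;}' "$1" 2>/dev/null)
    case $header in
        '-----BEGIN ENCRYPTED PRIVATE KEY-----'*) echo pkcs8-encrypted ;;
        '-----BEGIN PRIVATE KEY-----'*)           echo pkcs8 ;;
        '-----BEGIN RSA PRIVATE KEY-----'*)       echo rsa-traditional ;;
        *)                                        echo unknown; return 1 ;;
    esac
}

# Succeed only for the encoding the answer found loadable by libnsspem.so.
nss_pem_loadable() {
    [ "$(pem_key_format "$1")" = rsa-traditional ]
}

# Rewrite key $1 to $2 in traditional RSA form, without a pass phrase.
to_traditional_rsa() {
    flag=
    # OpenSSL 3.x writes PKCS#8 from "openssl rsa" unless -traditional is
    # given; 1.x has no such option and already writes the traditional form.
    case $(openssl version) in 'OpenSSL '[3-9].*) flag=-traditional ;; esac
    # The output key is unencrypted, so create it readable by the owner only.
    ( umask 077 && openssl rsa $flag -in "$1" -out "$2" ) || return 1
    # Confirm the result carries the header NSS needs.
    nss_pem_loadable "$2"
}

# Usage: sh keyfmt.sh key.pem [more.pem ...]  prints each file's encoding.
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(pem_key_format "$f")"
done
```

Running `to_traditional_rsa key.pem newkey.pem` and then pointing curl at `newkey.pem` follows the answer's fix while checking that the header actually changed.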