https protocol error: unable to set private key file


  • #50845
    Jim Kosloskey
    Participant

    All,

    Cloverleaf 5.6 on AIX 5.3.

    I am attempting to do a POST.

    I have been told I need to use a Certificate provided by the receiving system. I take it to mean I must then use the ‘Client’ mode and have configured that way.

    It appears the ‘Client’ mode also requires that I have a Private Key.

    I have built that using openssl genrsa.

    However, when I attempt to POST I get an error:

    Detailed error:unable to set private key file: ‘the name of my key file here’ type PEM

    (by the way, it does not matter what I set the genrsa options to; the type above is always PEM).

    followed by:

    Curl errCode:58 Curl error: problem with the local SSL certificate.

    The above is clearly not very explanatory. There really are not that many options to generating the Private key in genrsa but I certainly could have hosed up one of the options.

    The errors seem to indicate there is an issue with the Private key – anybody have any clue what it is trying to tell me?

    email: jim.kosloskey@jim-kosloskey.com 29+ years Cloverleaf, 59 years IT - old fart.

    • #67745
      Rob Abbott
      Keymaster

      I think the private key needs to be in .key format not .pem — the following command will convert from pem to key:

      openssl rsa -in privkey.pem -out my-server.key

      Rob Abbott
      Cloverleaf Emeritus

    • #67746
      Jim Kosloskey
      Participant

      Rob,

      Thanks for the suggestion.

      However, after running the command you indicated and retrying I get the same error (I changed the NetConfig to reflect the new private key file name, etc. and stopped/started the thread).

      Is it possible the server to which I am trying to connect is rejecting the certificate/key combination or is this likely to be occurring on Cloverleaf(R) at the time of the POST?

      By the way, I acquired the certificate I am using from the server (United HealthCare) and it has a Public Key RSA 1024 bits. It looks to be a Verisign certificate.


    • #67747
      David Barr
      Participant

      Jim Kosloskey wrote:

      Rob,

      Is it possible the server to which I am trying to connect is rejecting the certificate/key combination or is this likely to be occurring on Cloverleaf(R) at the time of the POST?

      I think your error is a Cloverleaf error.  I don’t think that the server is receiving your key.

      Quote:

      By the way, I acquired the certificate I am using from the server (United HealthCare) and it has a Public Key RSA 1024 bits. It looks to be a Verisign certificate.

      You need a private key if you’re doing client authentication.  Public keys of websites are used to authenticate the server (them) to the client (you).

      I think you need to find out if they want you to generate a client cert for authentication, or if you simply need to validate their server certificate when you connect.
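
Added example, not part of the original thread: a local check for the situation discussed above, where a key made with `openssl genrsa` is configured next to a certificate issued for someone else's key. Such a pair can never match, and a mismatched pair is one cause of curl's "unable to set private key file" error. It assumes the `openssl` CLI is on the PATH; the function names and sample file names are hypothetical.

```shell
#!/bin/sh
# Added example: does a PEM private key belong to a PEM certificate?
# It compares the public key embedded in the certificate with the public
# key derived from the private key. All file names are constructed samples.

pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
# -passin pass: stops openssl from prompting if the key is encrypted.
pubkey_of_key()  { openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null; }

# Returns 0 when the key matches the certificate, 1 on mismatch,
# 2 when either file cannot be parsed (missing, wrong format, encrypted).
key_matches_cert() {
    cert_pub=$(pubkey_of_cert "$1") || return 2
    key_pub=$(pubkey_of_key "$2") || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ] && return 0
    return 1
}

# Constructed sample input: a self-signed certificate with its own key
# (stand-in for a properly issued client certificate) and an unrelated
# genrsa key (the case from this thread).
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-sample" \
        -keyout "$d/own.key" -out "$d/own.crt" >/dev/null 2>&1 &&
    openssl genrsa -out "$d/unrelated.key" 2048 >/dev/null 2>&1
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp" || { rm -rf "$tmp"; return 1; }
    r_match=0;    key_matches_cert "$tmp/own.crt" "$tmp/own.key"       || r_match=$?
    r_mismatch=0; key_matches_cert "$tmp/own.crt" "$tmp/unrelated.key" || r_mismatch=$?
    rm -rf "$tmp"
    echo "own key: $r_match, unrelated key: $r_mismatch (0 = match, 1 = mismatch)"
}
demo
```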

    • #67748
      Jim Kosloskey
      Participant

      Dave,

      Thanks for the input.

      Now the server (United Healthcare) folks say they are not authenticating anything. Although they indicate I need to use a Certificate.

      I suspect I should be able to use the ‘ClientAnon’ mode in the HTTPS configuration then.

      I have tried that in the past with them with no success but I guess I will try again.

      Maybe it is just working with this receiving system, but at this point,  I cannot for the life of me see how folks can complain about SNA if they have ever worked with SSL.


    • #67749
      Charlie Bursell
      Participant

      Jim:

      I just go to the HTTPS site in question using IE and if asked accept their certificate.

      Then click on View -> Security Report and you get a pop-up.  Click on View Certificate > Detail -> Copy to file

      Now you have a copy you know works.  I just named mine .cer

    • #67750
      Jim Kosloskey
      Participant

      Charlie,

      Thanks.

      I previously did that to get their Certificate. That was when they were telling me I needed a key. Now they are saying I don’t.

      At least using ‘ClientAnon’ Mode in the HTTPS config is getting me into their site (no longer getting errors on the Private Key since I am not using one) – but since they cannot or won’t tell me what headers, etc. they need I am having to practically reverse engineer everything.

      Oh well I guess this will keep me busy.

