unable to set private key file cert pem type PEM

Question

I am using curl to download data from a https site using public certificate files   System information    OS  fedora 14 curl  curl 7 30 0 openssl  OpenSSL 1 0 0a-fips   The command is   curl -v  https    lt ip  lt port gt   --cert    cert pem  --cacert    cacert pem  --cert-type PEM   About to connect   to kng com port 443   0      Trying 11 19 37 123      Adding handle  conn  0x8189e68   Adding handle  send  0   Adding handle  recv  0   Curl addHandleToPipeline  length  1   - Conn 0  0x8189e68  send pipe  1  recv pipe  0   Connected to fkng com  11 19 37 123  port 443   0    unable to set private key file     cert pem  type PEM   Closing connection 0 curl   58  unable to set private key file     cert pem  type PEM   I have have given all the permission to the  pem file  still curl is throwing an error

User · Answer

I had the same issue  eventually I found a solution that works without splitting the file  by following Petter Ivarrson s answer  My problem was when converting  p12 certificate to  pem  I used   openssl pkcs12 -in cert p12 -out cert pem   This converts and exports all certificates  CA   CLIENT  together with a private key into one file    The problem was when I tried to verify if the hashes of certificate and key are matching by running      Get certificate HASH openssl x509 -noout -modulus -in cert pem   openssl md5     Get private key HASH openssl rsa -noout -modulus -in cert pem   openssl md5   This displayed different hashes and that was the reason CURL failed   See here  https   michaelheap com curl-58-unable-to-set-private-key-file-server-key-type-pem   I guess that was because all certificates are inside a file  CA   CLIENT  and CURL takes CA certificate instead of CLIENT one  Because CA is first in the list   So the solution was to export only CLIENT certificate together with private key   openssl pkcs12 -in cert p12 -out cert pem -clcerts     Now when I re-run the verification     sh openssl x509 -noout -modulus -in cert pem   openssl md5 openssl rsa -noout -modulus -in cert pem   openssl md5   HASHES MATCHED       So I was able to make a curl request by running  curl -ivk --cert   cert pem KeyChoosenByMeWhenIrunOpenSSL https   thesite com   without problems      That being said    I think the best solution is to split the certificates into separate file and use them separately like Petter Ivarsson wrote   curl --insecure --key key pem --cacert ca pem --cert client pem KeyChoosenByMeWhenIrunOpenSSL https   thesite com

User · Answer

After reading cURL documentation on the options you used  it looks like the private key of certificate is not in the same file  If it is in different file  you need to mention it using --key file and supply passphrase  So  please make sure that either cert pem has private key  along with the certificate  or supply it using --key option  Also  this documentation mentions that Note that this option assumes a  quot certificate quot  file that is the private key and the private certificate concatenated  How they are concatenated  It is quite easy  Put them one after another in the same file  You can get more help on this here  I believe this might help you

User · Answer

I faced this issue when I had used Open SSL and the solution was to split the cert in 3 files and use all of them doing the call with Curl    openssl pkcs12 -in mycert p12 -out ca pem -cacerts -nokeys openssl pkcs12 -in mycert p12 -out client pem -clcerts -nokeys  openssl pkcs12 -in mycert p12 -out key pem -nocerts  curl --insecure --key key pem --cacert ca pem --cert client pem KeyChoosenByMeWhenIrunOpenSSL https   thesite

User · Answer

I have a similar situation  but I use the key and the certificate in different files   in my case you can check the matching of the key and the lock by comparing the hashes  see https   michaelheap com curl-58-unable-to-set-private-key-file-server-key-type-pem    This helped me to identify inconsistencies

User · Answer

Im not sure If this will help anyone but I was getting this error  although I was using php to create it instead of the command line  and to fix it I had to ensure that no old  key or  pem files were in the directory I was looking at  By deleting them and making fresh files with the authentication it worked perfectly

[curl] unable to set private key file: './cert.pem' type PEM

Examples related to curl

Examples related to openssl