Can t get private key with openssl no start line pem lib c 703 Expecting ANY PRIVATE KEY

Question

I have a  key file  when I do  openssl rsa -text -in file key  I get  unable to load Private Key 140000419358368 error 0906D06C PEM routines PEM read bio no start line pem lib c 703 Expecting  ANY PRIVATE KEY     Also I have a  cer file and when I do   openssl x509 -text -in file cer  I get   unable to load certificate 140387178489504 error 0906D06C PEM routines PEM read bio no start line pem lib c 703 Expecting  TRUSTED CERTIFICATE     But if as pointed here I run the command like   openssl x509 -text -inform DER -in file cer  I get  Certificate      Data          Version  3  0x2          Some more information             -----BEGIN CERTIFICATE----- MIIEdDCCA1ygAwIBAgIUMjAwMDEwMDAwMDAxMDAwMDU4NjcwDQYJKoZIhvcNAQEF     -----END CERTIFICATE-----   But that doesn t seem to work with the key  because when I run  openssl rsa -text -inform DER -in aaa010101aaa  csd 10 key  I get   unable to load Private Key 140004844304032 error 0D0680A8 asn1 encoding routines ASN1 CHECK TLEN wrong tag tasn dec c 1337  140004844304032 error 0D06C03A asn1 encoding routines ASN1 D2I EX PRIMITIVE nested asn1 error tasn dec c 849  140004844304032 error 0D08303A asn1 encoding routines ASN1 TEMPLATE NOEXP D2I nested asn1 error tasn dec c 769 Field version  Type RSA 140004844304032 error 04093004 rsa routines OLD RSA PRIV DECODE RSA lib rsa ameth c 115  140004844304032 error 0D0680A8 asn1 encoding routines ASN1 CHECK TLEN wrong tag tasn dec c 1337  140004844304032 error 0D06C03A asn1 encoding routines ASN1 D2I EX PRIMITIVE nested asn1 error tasn dec c 849  140004844304032 error 0D08303A asn1 encoding routines ASN1 TEMPLATE NOEXP D2I nested asn1 error tasn dec c 769 Field version  Type PKCS8 PRIV KEY INFO   How can I get the private key and its certificate

User · Answer

On my execution of openssl pkcs12 -export -out cacert pkcs12 -in testca cacert pem  I received the following message      unable to load private key 140707250050712 error 0906D06C PEM   routines PEM read bio no start line pem lib c 701 Expecting  ANY   PRIVATE KEY    Got this solved by providing the key file along with the command  The switch is -inkey inkeyfile pem

User · Answer

I ran into the  Expecting  ANY PRIVATE KEY  error when using openssl on Windows  Ubuntu Bash and Git Bash had the same issue    The cause of the problem was that I d saved the key and certificate files in Notepad using UTF8  Resaving both files in ANSI format solved the problem

User · Answer

It looks like you have a certificate in DER format instead of PEM   This is why it works correctly when you provide the -inform PEM command line argument  which tells openssl what input format to expect    It s likely that your private key is using the same encoding  It looks as if the openssl rsa command also accepts a -inform argument  so try   openssl rsa -text -in file key -inform DER   A PEM encoded file is a plain-text encoding that looks something like   -----BEGIN RSA PRIVATE KEY----- MIGrAgEAAiEA0tlSKz5Iauj6ud3helAf5GguXeLUeFFTgHrpC3b2O20CAwEAAQIh ALeEtAIzebCkC bO rwNFVORb0bA9xN2n5dyTw Ba285AhEA9FFDtx4VAxMVB2GU QfJ 2wIRANzuXKda nRXIyRw1ArE2FcCECYhGKRXeYgFTl7ch7rTEckCEQDTMShw 8pL7M7DsTM7l3HXRAhAhIMYKQawc Y7MNE4kQWYe -----END RSA PRIVATE KEY-----   While DER is a binary encoding format   Update  Sometimes keys are distributed in PKCS 8 format  which can be either PEM or DER encoded    Try this and see what you get   openssl pkcs8 -in file key -inform der

User · Answer

My two cents  came across the same error message in RHEL7 3 while running the openssl command with root CA certificate  The reason being  while downloading the certificate from AD server  Encoding was selected as DER instead of Base64  Once the proper version of encoding was selected for the new certificate download  error was resolved   Hope this helps for new users  -

[linux] Can't get private key with openssl (no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY)

Examples related to linux

Examples related to openssl

Examples related to ssl-certificate

Examples related to private-key