15

I'm trying to add a new SSL certificate to my Google App Engine account, but after following all the steps in the manual I kept getting this error uploading the Unencrypted PEM encoded RSA private key:

The private key you've selected does not appear to be valid.

Anyone have experienced this issue?

Javier Marín
  • 2,166
  • 3
  • 21
  • 40
  • Is it self generated key? Or have you got it from a trusted center? – Alexander Trakhimenok Oct 01 '15 at 16:22
  • From a trusted center (comodo) – Javier Marín Oct 01 '15 at 16:39
  • I'm not sure I understand. You get this error after you paste in the certificate from comodo but before you paste in the private key and hit save? Or do you get this error after pasting in both and hitting save? Are you sure the private key you are pasting in was the same one used to generate the CSR? – Jay Oct 02 '15 at 01:29

3 Answers3

21

I had the same problem last week. Google's instructions are lacking...

Your PEM file has this line:

-----BEGIN RSA PRIVATE KEY-----

Delete everything above this line and it will work.

new name
  • 15,861
  • 19
  • 68
  • 114
  • 34
    If your key just says ---BEGIN PRIVATE KEY--- then you need to convert it. Run `openssl rsa -in server.key -out server_rsa.key` – Christian Jan 18 '16 at 15:02
  • 1
    @Christian and everyone. This is kinda weird, but I actually did the following In my case, I thought the key was already in RSA, and it only needed the RSA on the delimiter, i.e. doing a `openssl rsa -in keyfilename.key -check -text` printed out in the middle of it: RSA key ok writing RSA key So, I just added the RSA to the delimiter.. and it worked.. however! the key printed out and the original are different.. it does work though.. oh well – João Antunes Dec 01 '16 at 15:33
  • i had a issue on uploding private key then i applied trick and i worked thanks man :) – Ramdrupal7 Jul 25 '17 at 19:19
10

Google requires an RSA formatted private key, which should have the following header (note the word RSA):

-----BEGIN RSA PRIVATE KEY-----

If your key has just: ---BEGIN PRIVATE KEY--- (no RSA), then you will need to convert it. You can use OpenSSL for that:

openssl rsa -in server.key -out server_rsa.key
Tzach
  • 12,889
  • 11
  • 68
  • 115
  • 1
    Thanks a lot for this advice! I had this headace. Then I added the abbreviation RSA at the beginning and at the end of the key and... it worked :)! -----BEGIN RSA PRIVATE KEY----- [key] -----END RSA PRIVATE KEY----- – Mary Seleznova Feb 05 '21 at 19:25
  • Yes, Google App Engine's custom certificate needs the "RSA" bot be added. Thank you for saving my day! – bir_ham Aug 25 '23 at 08:25
3

Ok, SSL configuration continues to be like trying to bathe a black cat in a dark room. Here's the answer that worked for me: Trouble with Google Apps Custom Domain SSL

Community
  • 1
  • 1
Scott Means
  • 635
  • 6
  • 8
  • Truly pathetic. I can't imagine the amount of hours wasted jumping through these ridiculous configuration hoops. Every time I need to cartwheel around the room for 2 hours. – Damien Roche Jan 22 '19 at 08:28