0

I am trying to create a ssl sertificate for my apache virtual hosts for my local development using this guide. But all my attempts are in vain because of the error.

STEPS I DO

  1. ssh-keygen -f server.key Two files was created (server.key and server.key.pub) Their content is:

server.key

    -----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEAweaBRvcXqstUPFzn3qV5NbKEUqUOV26TtWwAVMLkJpqEhvLbf9q9
u99DInIYUuqVG1T61PsINhRqgbF2GZs72bDBsIu3CY2VP5BI81251opzN31dG0zznIHvuf
VkjuRbz3vOdt+XZD9WRsCyBE9Z+p4v14PS+Q15S5kn+mDoT+SOwokBBRItU0Oqb6qg7j2e
jAioPhQEIt4LuhhgQ8CMqPsS4iNNau9a4I3fxk9S1DoUknGQxBYGMPZJGhYfc9E9GN6ux8
O86Q0Ao4Pk3PWbTt4H+bpQA/3Kg+eZLQTNIFia6GMfYPCU1FYGGQ4Cc9pBg3krpIlu9RE1
tU4bRUr7RGOxZYoDVo1r1oIJhHlYbOjoS2jRHP9pd9DvDaOjsM2hSGR0+gqOwQzRiaQWOc
8pLudahRWdLBi4Eb+8LHc3KSbPxq+3wayN20BkJ0OGXx5RFsjDKiDdfufb1gA6XozNoc/u
x7I1mi4Ed+tT560iqMKjfQwHEW2Os+jZjgBDdwHPAAAFmF8AYWFfAGFhAAAAB3NzaC1yc2
EAAAGBAMHmgUb3F6rLVDxc596leTWyhFKlDlduk7VsAFTC5CaahIby23/avbvfQyJyGFLq
lRtU+tT7CDYUaoGxdhmbO9mwwbCLtwmNlT+QSPNdudaKczd9XRtM85yB77n1ZI7kW897zn
bfl2Q/VkbAsgRPWfqeL9eD0vkNeUuZJ/pg6E/kjsKJAQUSLVNDqm+qoO49nowIqD4UBCLe
C7oYYEPAjKj7EuIjTWrvWuCN38ZPUtQ6FJJxkMQWBjD2SRoWH3PRPRjersfDvOkNAKOD5N
z1m07eB/m6UAP9yoPnmS0EzSBYmuhjH2DwlNRWBhkOAnPaQYN5K6SJbvURNbVOG0VK+0Rj
sWWKA1aNa9aCCYR5WGzo6Eto0Rz/aXfQ7w2jo7DNoUhkdPoKjsEM0YmkFjnPKS7nWoUVnS
wYuBG/vCx3Nykmz8avt8GsjdtAZCdDhl8eURbIwyog3X7n29YAOl6MzaHP7seyNZouBHfr
U+etIqjCo30MBxFtjrPo2Y4AQ3cBzwAAAAMBAAEAAAGBALsehFGEsN1M/UyHZ+gwDinozd
Onn5B2kKr6v9MMhPpQEWbdxT+8S2+bhIEgVCLoaN6Igsu4OfNefm4MYOlTKk3pSvHh0tCw
RoCh8BSTtXy5/XhmTczD1TCLIFp32wQekg9H7jY/jizbBpqe6OxJ246Ey6ySda2M+Cohcj
go/ufirHZFmqtXIFCDM14x7r4azv9ad2n5DQjM+cosLfIURmnoag+7e8GfnTapE3OgJ1HR
fvrYB5mDm5PyiRdYlB/DoiE985TZMQCWhOQ5viXoIFKQLjfA/G6S4QiMs0DEhLMTug38HU
Iv/T2xB6ne4yo7LF0lBGv6/5NLe7tokq9edXy/XiewuuB4PcPO7exn5S2kmWssZUf1cJOm
8lu6S41W6X8nV+v/2E0Y935KvQpQg/w343Kb9+bmftdr0KOznH47bG/t1e1tq6bd4cngt+
FeFJB8mKCwwY9jrxOqkLJrnwWCA2Q8qhYwzE88q+MguZZEff7oITd1k+RCOMvTLW8OKQAA
AMEAi57u84CMEN/BLvP0iDjT55IAZiIOSU38vk09myzleTknIk8dIvm+j+90ZqIxWp7X/X
UcGe4zaK/tc1zJvIeDtjPPSs8ysLCaRdTiC5WxuIed4I1zE0CVhbIhHAY523mV59Wn6Ypr
fvtZgt7oD8R6fE7A0rKQ+QDHkWfsApop4cQIAksF4W2EKl1i0HfLIDrWrT9cpc+52TajoU
mkIV59UT2stSrqv7tQr6I5Pgr3o6l209QAY238toNi4RWkJvzNAAAAwQDlzC9GkYub8d++
c6x/Tqs3U+aWNAh8dT8paJiHELQ70CHX6siArOdlZctS8j1tgucwTeKl1fitHfa+dm47zW
FTvymTLXNp8AdjDyC2puY1sSjfxlXBQeFwYQR36JxZABtjQJqbv8RobkFkkVx5k9r4I3em
JOn9/7St6+is60MjO1DKcHOGpjIwnH0XDthTyTVcQt6CwPNOOOFwP38pJ1gaxmEMPU0KfR
m+ynmaEnS099XnBtoYzKHh3bPaEdrXKaUAAADBANgCek/tgcRvg5mnvf7ikouvBsyivQeB
fJXn8Pci2MxXjiiIhGl5WVKHujSfOnECnm1P3MQj+JfZNvp79iwMvANdN7l/J/HhZc+Rne
D28DU2AtEA1k9UwdjEvrmK3QVrzpODhXL9PxZr3+7bTGN4nZdlzC9sjQnknLLn27WCom7p
KnZ76ymse0LZhkhVeciNhafsRspVYrYbyKhEVqBGoS+eLvQB8FmJZIMBhMNJOk7f1pIGSt
daVsd0RGN/n++bYwAAABthbGV4QE1hY0Jvb2stQWlyLWFsZXgubG9jYWwBAgMEBQY=
-----END OPENSSH PRIVATE KEY-----

server.key.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDB5oFG9xeqy1Q8XOfepXk1soRSpQ5XbpO1bABUwuQmmoSG8tt/2r2730MichhS6pUbVPrU+wg2FGqBsXYZmzvZsMGwi7cJjZU/kEjzXbnWinM3fV0bTPOcge+59WSO5FvPe85235dkP1ZGwLIET1n6ni/Xg9L5DXlLmSf6YOhP5I7CiQEFEi1TQ6pvqqDuPZ6MCKg+FAQi3gu6GGBDwIyo+xLiI01q71rgjd/GT1LUOhSScZDEFgYw9kkaFh9z0T0Y3q7Hw7zpDQCjg+Tc9ZtO3gf5ulAD/cqD55ktBM0gWJroYx9g8JTUVgYZDgJz2kGDeSukiW71ETW1ThtFSvtEY7FligNWjWvWggmEeVhs6OhLaNEc/2l30O8No6OwzaFIZHT6Co7BDNGJpBY5zyku51qFFZ0sGLgRv7wsdzcpJs/Gr7fBrI3bQGQnQ4ZfHlEWyMMqIN1+59vWADpejM2hz+7HsjWaLgR361PnrSKowqN9DAcRbY6z6NmOAEN3Ac8= alex@MacBook-Air-alex.local

Encodings of this files: encodings

  1. Then I am trying to create request file: sudo openssl req -new -key server.key -out request.csr and on this step I see this:

    unable to load Private Key 8672677548:error:09FFF06C:PEM routines:CRYPTO_internal:no start line:/System/Volumes/Data/SWE/macOS/BuildRoots/e90674e518/Library/Caches/com.apple.xbs/Sources/libressl/libressl-56.60.2/libressl-2.8/crypto/pem/pem_lib.c:684:Expecting: ANY PRIVATE KEY

I have tried to change encoding but still encounter same error, but maybe I'm doing something wrong. Most things I found in the internet are outdated, are any proven solutions exist?

Alexey
  • 185
  • 12
  • You need to convert the keys into pem format http://sysmic.org/dotclear/index.php?post/2010/03/24/Convert-keys-betweens-GnuPG%2C-OpenSsh-and-OpenSSL – kofemann Jul 04 '21 at 06:47
  • @kofemann by command `openssl rsa -in server.key -out server.pem`? If so - it returns same error – Alexey Jul 04 '21 at 06:50
  • The guide you use is wrong. You cannot directly use a key generated by ssh-keygen to create a CSR. SSH key format is not suitable here. Create your key using `openssl genrsa -out server.key` or similar. Follow other guides like [this](https://www.ssl.com/how-to/manually-generate-a-certificate-signing-request-csr-using-openssl/) instead. – Steffen Ullrich Jul 04 '21 at 07:27
  • Alternatively you can convert the SSH key to PEM using ssh-keygen - see [Openssh Private Key to RSA Private Key](https://stackoverflow.com/questions/54994641/openssh-private-key-to-rsa-private-key). – Steffen Ullrich Jul 04 '21 at 08:38
  • @SteffenUllrich Thank you. You can write this as an answer, because it worked for me – Alexey Jul 05 '21 at 15:35

0 Answers0