Anaplan Certificate Authentication using python


Hello everyone,


We are working on POC to integrate Anaplan with the other system in the enterprise, We are using Python, and currently struck at the Certificate Authentication


We are using the below Code to Test the Authentication using the Certificate (public Key), Private Key and we are following, Please find the attached python script that we are using


Code Reference:



below is the error


C:\python> python
Enter PEM pass phrase:
Traceback (most recent call last):
File "", line 47, in <module>
generate_ca_cert_authentication(anaplan_public_certificate,File "", line 24, in generate_ca_cert_authentication
key = crypto.load_privatekey(crypto.FILETYPE_PEM, st_key) File "C:\Python\venv\lib\site-packages\OpenSSL\", line 2916, in load_privatekey
_raise_current_error() File "C:\Python\venv\lib\site-packages\OpenSSL\", line 57, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.crypto.Error: [('digital envelope routines', 'EVP_DecryptFinal_ex', 'bad decrypt'), ('PKCS12 routines', 'PKCS12_pbe_crypt', 'pkcs12 cipherfinal error'), ('PKCS12 routines', 'PKCS12_item_decrypt_d2i', 'pkcs12 pbe crypt error'), ('PEM routines', 'PEM_read_bio_PrivateKey', 'ASN1 lib')]




  • Hi @timmapuramreddy 

    I think your private key is encrypted and requires the password to load it. While you were trying to get the private key through Openssl you might have provided password for it. So when you want to load the private key then you should provide the password.

    private key without encryption begin with 

    ------Begin PRIVATE KEY-----------

    ------End PRIVATE KEY-------------

    private key with encryption begin with

    ------Begin Encrypted PRIVATE KEY-------

    -------End Encrypted PRIVATE KEY--------


    from cryptography.hazmat.primitives import serialization

    >>> with open("path/to/key.pem", "rb") as key_file:
    ... private_key = serialization.load_pem_private_key(
    ... password=None,
    ... )

    Also the URL that you have provided in the code should be  


    Riyaz Pasha