Regarding CA Certificte - Ceretion of Encrypted Private key from Recieved S/MIME Certificate.

Dear Expert ,

 

To work on Import Script, we are going by Certificate based Authentication . So while Generating encrypted private key from received certificate.pfx, I am getting below error  . Though I was able to generate the Public key and unencrypted Private key .

 

I followed the Anaplan Connect Guide while creating encrypted private key , but its throwing error in 2nd command .

 

OpenSSL> pkcs8 -inform PEM -in "D:\Anaplan Integration\Xtra\Temp Folder- to be deleted\\PRIV_KEY.pem" -outform PEM - "D:\Anaplan Integration\Xtra\Temp Folder- to be deleted\AC_PRIV_KEY.pem" -passout pass: q2UvIFdnuzdk
pkcs8: Option unknown option -
pkcs8: Use -help for summary.
error in pkcs8

 

Kindly Advice me Please !

Warm Regards

Shail

 

Best Answer

  • MarkWarren
    Answer ✓
    Hi, I haven't had the chance to try this and verify but could you try changing the path, well the directory name, "Temp Folder- to be deleted" to something without spaces? I'd use "temp_folder" for example.

Answers

  • the "out" parameter was missing (also spotted 2 backslashes in the PRIV_KEY.pem path):
    OpenSSL> pkcs8 -inform PEM -in "D:\Anaplan Integration\Xtra\Temp Folder- to be deleted\PRIV_KEY.pem" -outform PEM -out "D:\Anaplan Integration\Xtra\Temp Folder- to be deleted\AC_PRIV_KEY.pem" -passout pass: q2UvIFdnuzdk

  • Hi Mark ,

     

    thank you for your kind favor!

     

    I did the execution of same command shared by you but still throwing error. Seems error "pkcs8: Option unknown option - error in pkcs8" hope its not able to recognize pkcs8 .

    Command for Encrypted Private Key :

    pkcs8 -inform PEM -in "D:\Anaplan Integration\Xtra\Temp Folder- to be deleted\PRIV_KEY.pem" -outform PEM -out "D:\Anaplan Integration\Xtra\Temp Folder- to be deleted\AC_PRIV_KEY.pem" -passout pass: q2UvIFdnuzdk

     

    Error : pkcs8: Use -help for summary.
    error in pkcs8
    OpenSSL>

     

    Infect I tried to Create Java Key Store Bundle but again throwing Error. Sharing Command Below for Java key store bindle.

     

    Command For Java Key Store Bundle Creation :

    pkcs12 -export -in "D:\Anaplan Integration\Xtra\Temp Folder- to be deleted\Publicrt222.pem" -inkey "D:\Anaplan Integration\Xtra\Temp Folder- to be deleted\PRIV_KEY.pem" -out "D:\Anaplan Integration\Xtra\Temp Folder- to be deleted\keystore_bundle.p12" -name KEYSTORE_VIR

     

    Error :

    unable to load private key
    18152:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto\evp\evp_enc.c:610:
    18152:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:crypto\pkcs12\p12_decr.c:63:
    18152:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:crypto\pkcs12\p12_decr.c:94:
    18152:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto\pem\pem_pkey.c:88:
    error in pkcs12

     

    I would be highly thankful for your support. awaiting to hear !

     

    warm Regard

    Shailender Dueby

     

     

  • Hello @MarkWarren @Shailendr ,

     

    My colleague Jon Ferneau and I coauthored this interactive CA Certificate guide which can help walk you through the conversation steps. See if this helps and let me know if you still get stuck. 

     

    https://community.anaplan.com/t5/Common-Support-Questions/Interactive-CA-Certificate-Guide/ta-p/58492

  • Hi DSoomer ,

     

    I exactly following same commands for creation of Encrypted private and Java key store bundle ,But unfortunately its not working for we  . For your Information we received Certificate in .pfx format from vendor .we did extracted public cert and Private unencrypted key.

     

    But my challenge here is while extracting Encrypted Private key and while creation of Java key bundle I am getting with error as highlighted above.

    I would be highly thankful for your great advice to crack it down.

     

    Warm Regards

    Shailender Dubey

  • Dear Mark ,

     

    thanks for your Guidance , Now I am god to generate the Encrypted Private key from Received .pfx client certificate .

     

    Command For Encrypted Private Key.


    pkcs12 -in "D:\Anaplan Integration\Certificates\XYZ.pfx" -nocerts -out "D:\Anaplan Integration\Certificates\PVTKEY.pem"

     

    pkcs8 -inform PEM -in "D:\Anaplan Integration\Certificates\PVTKEY.pem" -outform PEM -out "D:\Anaplan Integration\Certificates\ENPVTKY.pem" -passout pass:TrwtPFZ

     

    Now I am looking for Key store Bundle Creation for Public/Private key .Soon Update on same .

     

    Thank you once Again for your Guidance!

     

    Warm Regards

    Shail