Regarding CA Certificte - Ceretion of Encrypted Private key from Recieved S/MIME Certificate.

Shailendr
Occasional Contributor

Regarding CA Certificte - Ceretion of Encrypted Private key from Recieved S/MIME Certificate.

Dear Expert ,

 

To work on Import Script, we are going by Certificate based Authentication . So while Generating encrypted private key from received certificate.pfx, I am getting below error  . Though I was able to generate the Public key and unencrypted Private key .

 

I followed the Anaplan Connect Guide while creating encrypted private key , but its throwing error in 2nd command .

 

OpenSSL> pkcs8 -inform PEM -in "D:\Anaplan Integration\Xtra\Temp Folder- to be deleted\\PRIV_KEY.pem" -outform PEM - "D:\Anaplan Integration\Xtra\Temp Folder- to be deleted\AC_PRIV_KEY.pem" -passout pass: q2UvIFdnuzdk
pkcs8: Option unknown option -
pkcs8: Use -help for summary.
error in pkcs8

 

Kindly Advice me Please !

Warm Regards

Shail

 

1 ACCEPTED SOLUTION

Accepted Solutions
MarkWarren
Expert

Re: Regarding CA Certificte - Ceretion of Encrypted Private key from Recieved S/MIME Certificate.

Hi, I haven't had the chance to try this and verify but could you try changing the path, well the directory name, "Temp Folder- to be deleted" to something without spaces? I'd use "temp_folder" for example.

View solution in original post

6 REPLIES 6
MarkWarren
Expert

Re: Regarding CA Certificte - Ceretion of Encrypted Private key from Recieved S/MIME Certificate.

the "out" parameter was missing (also spotted 2 backslashes in the PRIV_KEY.pem path):
OpenSSL> pkcs8 -inform PEM -in "D:\Anaplan Integration\Xtra\Temp Folder- to be deleted\PRIV_KEY.pem" -outform PEM -out "D:\Anaplan Integration\Xtra\Temp Folder- to be deleted\AC_PRIV_KEY.pem" -passout pass: q2UvIFdnuzdk

Shailendr
Occasional Contributor

Re: Regarding CA Certificte - Ceretion of Encrypted Private key from Recieved S/MIME Certificate.

Hi Mark ,

 

thank you for your kind favor!

 

I did the execution of same command shared by you but still throwing error. Seems error "pkcs8: Option unknown option - error in pkcs8" hope its not able to recognize pkcs8 .

Command for Encrypted Private Key :

pkcs8 -inform PEM -in "D:\Anaplan Integration\Xtra\Temp Folder- to be deleted\PRIV_KEY.pem" -outform PEM -out "D:\Anaplan Integration\Xtra\Temp Folder- to be deleted\AC_PRIV_KEY.pem" -passout pass: q2UvIFdnuzdk

 

Error : pkcs8: Use -help for summary.
error in pkcs8
OpenSSL>

 

Infect I tried to Create Java Key Store Bundle but again throwing Error. Sharing Command Below for Java key store bindle.

 

Command For Java Key Store Bundle Creation :

pkcs12 -export -in "D:\Anaplan Integration\Xtra\Temp Folder- to be deleted\Publicrt222.pem" -inkey "D:\Anaplan Integration\Xtra\Temp Folder- to be deleted\PRIV_KEY.pem" -out "D:\Anaplan Integration\Xtra\Temp Folder- to be deleted\keystore_bundle.p12" -name KEYSTORE_VIR

 

Error :

unable to load private key
18152:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto\evp\evp_enc.c:610:
18152:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:crypto\pkcs12\p12_decr.c:63:
18152:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:crypto\pkcs12\p12_decr.c:94:
18152:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto\pem\pem_pkey.c:88:
error in pkcs12

 

I would be highly thankful for your support. awaiting to hear !

 

warm Regard

Shailender Dueby

 

 

DaanishSoomar
Certified Master Anaplanner

Re: Regarding CA Certificte - Ceretion of Encrypted Private key from Recieved S/MIME Certificate.

Hello @MarkWarren @Shailendr ,

 

My colleague Jon Ferneau and I coauthored this interactive CA Certificate guide which can help walk you through the conversation steps. See if this helps and let me know if you still get stuck. 

 

https://community.anaplan.com/t5/Common-Support-Questions/Interactive-CA-Certificate-Guide/ta-p/5849...

Shailendr
Occasional Contributor

Re: Regarding CA Certificte - Ceretion of Encrypted Private key from Recieved S/MIME Certificate.

Hi DSoomer ,

 

I exactly following same commands for creation of Encrypted private and Java key store bundle ,But unfortunately its not working for we  . For your Information we received Certificate in .pfx format from vendor .we did extracted public cert and Private unencrypted key.

 

But my challenge here is while extracting Encrypted Private key and while creation of Java key bundle I am getting with error as highlighted above.

I would be highly thankful for your great advice to crack it down.

 

Warm Regards

Shailender Dubey

MarkWarren
Expert

Re: Regarding CA Certificte - Ceretion of Encrypted Private key from Recieved S/MIME Certificate.

Hi, I haven't had the chance to try this and verify but could you try changing the path, well the directory name, "Temp Folder- to be deleted" to something without spaces? I'd use "temp_folder" for example.

View solution in original post

Shailendr
Occasional Contributor

Re: Regarding CA Certificte - Ceretion of Encrypted Private key from Recieved S/MIME Certificate.

Dear Mark ,

 

thanks for your Guidance , Now I am god to generate the Encrypted Private key from Received .pfx client certificate .

 

Command For Encrypted Private Key.


pkcs12 -in "D:\Anaplan Integration\Certificates\XYZ.pfx" -nocerts -out "D:\Anaplan Integration\Certificates\PVTKEY.pem"

 

pkcs8 -inform PEM -in "D:\Anaplan Integration\Certificates\PVTKEY.pem" -outform PEM -out "D:\Anaplan Integration\Certificates\ENPVTKY.pem" -passout pass:TrwtPFZ

 

Now I am looking for Key store Bundle Creation for Public/Private key .Soon Update on same .

 

Thank you once Again for your Guidance!

 

Warm Regards

Shail