Welcome to the Linux Foundation Forum!

Lab 15 Unable to load CA Private Key

I'm stuck at this command.

Step 5:

Lab command:

  1. student@master: ̃$ sudo openssl x509 -req -in DevDan.csr \
  2. -CA /etc/kubernetes/pki/ca.crt \
  3. -CAkey /etc/kubernetes/pki/ca.key \
  4. -CAcreateserial \
  5. -out DevDan.crt -days 45

My command

  1. augspies@lfs-main:~/L15$ sudo openssl x509 -req -in DevDan.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.crt -CAcreateserial -out DevDan.crt -days 45

Contents of ~/L15

  1. drwxrwxr-x 2 augspies augspies 4096 Apr 26 20:34 .
  2. drwxr-xr-x 16 augspies augspies 4096 Apr 26 20:31 ..
  3. -rw-r--r-- 1 root root 0 Apr 26 20:36 DevDan.crt
  4. -rw-rw-r-- 1 augspies augspies 915 Apr 26 20:32 DevDan.csr
  5. -rw------- 1 augspies augspies 1675 Apr 26 20:31 DevDan.key

Error message:

  1. Signature ok
  2. subject=CN = DevDan, O = development
  3. Getting CA Private Key
  4. unable to load CA Private Key
  5. 140025450570176:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY

What am I getting wrong here.

Comments

  • Posts: 2,443

    Hi @tjghost,

    The error that the private key is not loaded is generated because your openssl command includes ca.crt twice, and there is no ca.key where it is expected after the -CAkey option.

    Revise your command and provide the path to ca.key for the-CAkey option.

    Regards,
    -Chris

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Categories

Upcoming Training