Lab 15 Unable to load CA Private Key

tjghost

I'm stuck at this command.

Step 5:

Lab command:

[email protected]: ̃$ sudo openssl x509 -req -in DevDan.csr \
-CA /etc/kubernetes/pki/ca.crt \
-CAkey /etc/kubernetes/pki/ca.key \
-CAcreateserial \
-out DevDan.crt -days 45

My command

[email protected]:~/L15$ sudo openssl x509 -req -in DevDan.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.crt -CAcreateserial -out DevDan.crt -days 45

Contents of ~/L15

drwxrwxr-x  2 augspies augspies 4096 Apr 26 20:34 .
drwxr-xr-x 16 augspies augspies 4096 Apr 26 20:31 ..
-rw-r--r--  1 root     root        0 Apr 26 20:36 DevDan.crt
-rw-rw-r--  1 augspies augspies  915 Apr 26 20:32 DevDan.csr
-rw-------  1 augspies augspies 1675 Apr 26 20:31 DevDan.key

Error message:

Signature ok
subject=CN = DevDan, O = development
Getting CA Private Key
unable to load CA Private Key
140025450570176:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY

What am I getting wrong here.

chrispokorni

Hi @tjghost,

The error that the private key is not loaded is generated because your openssl command includes ca.crt twice, and there is no ca.key where it is expected after the -CAkey option.

Revise your command and provide the path to ca.key for the-CAkey option.

Regards,
-Chris