curl - SSL certificate generated with OpenSSL not working on NSS

Question

Welcome To Ask or Share your Answers For Others

curl - SSL certificate generated with OpenSSL not working on NSS

posted Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

curl - SSL certificate generated with OpenSSL not working on NSS

I have SSL certificate ( key.pem, cacert.pem, pcert.pem ) generated with OpenSSL on Linux Mint machine. Now I'm trying to move my application to another server where is installed Fedora 18 with NSS.

cURL is returning this error:

unable to load client key: -8178 (SEC_ERROR_BAD_KEY)

I tested again and on my computer is working fine but on server not. I think it's because I used OpenSSL to generate certificates but on server is installed NSS.

I can't find how to generate certificates with "certutil" or with "openssl" to be valid with NSS.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Reply

深蓝 · Answer 1 · 2021-10-23T17:59:13+0000

The failure was due to my PKCS#8 private key format:
- With a PKCS#8 private key
-----BEGIN ENCRYPTED PRIVATE KEY----- header
or
-----BEGIN PRIVATE KEY----- header
curl+openssl works, but not curl+nss+libnsspem.so
- With a RSA private key
-----BEGIN RSA PRIVATE KEY----- header
both curl+openssl and curl+nss+libnsspem.so work.

So use this command openssl rsa -in key.pem -out newkey.pem to remove the pass phrase on an RSA private key:

Categories

curl - SSL certificate generated with OpenSSL not working on NSS

curl - SSL certificate generated with OpenSSL not working on NSS

Please log in or register to add a comment.

Please log in or register to reply this article.

1 Reply

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags