Geek Answers Handbook

SSL configuration issues continue to receive "invalid non-passphrase sensitive keys"

I received a security certificate on StartSSL.com and closely followed Heroku's steps. I was given intermediate as well as root certificates.

I tried different methods to combine these files, but I get this error (see screenshot)

http://i.imgur.com/8WVmAVu.jpg

How can I fix this error?

Files I downloaded:

ca.pem (root cert) sub.class1.server.ca.pem (intermediate cert) copy and pasted the private key as server.key copy and pasted the certificate as server.orig.crt There also the ca-bundle.pem that I tried using but no luck

I just reloaded all the files and ran this "cat server.orig.crt sub.class1.server.ca.pem ca-bundle.pem> server.crt" Then the heroku certificates were executed: add server.crt server.key and I get this mistake

 Unable to read server.crt file

Also, I just tried without any CAT and just β€œheroku certs: add ca-bundle.pem server.key” and I get this error

 No certificate given is a domain name certificate
+7
source share
1 answer

A pem encoded certificate chain suitable for installation on heroku should consist of the following: for the site, intermediate, and then for the root certificate encoded in pem.

 cat server.orig.crt sub.class1.server.ca.pem ca.pem > heroku.crt

I like the problem with your private key more - you need to make sure that the pem file is not encrypted with a passphrase and that this is the same key pair that is used to create the certificate. The head of the private key will look like this if encrypted:

 -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED ...

instead of just:

 -----BEGIN RSA PRIVATE KEY----- MIICaQIBAAKBhACxlzv7H57F+vapTjqS9qdfDg20RjwFFU1B3yK8SqN7rX0jpjsW H3B2lhCqKPWd2To2LoOolhnsFbr5qlKK3ep/nuUZfkx1aOIg4L0FgzbuCSJfKE5B ...

In the first case, run (linux, mac os):

 openssl rsa -in server.key -out server.unencrypted.key

and enter the passphrase when prompted. Then use server.unencrypted.key in the heroku call to add the certificate.

+9
source

More articles:


All Articles