What to Do if OpenSSL Does Not Find Your Private Key

As we were trying to combine a private key with a certificate into a pkcs12 file, we got this OpenSSL error:

openssl pkcs12 -export -name "Domain" -out Domain.pfx -inkey private.key -in Domain.crt

unable to load private key 11528:error:0909006C:PEM 
routines:get\_name:no start line:crypto\\pem\\pem\_lib.c:745:
Expecting: ANY PRIVATE KEY

The file for the private key contained a private key, but OpenSSL could somehow not find it.

As it turns out, OpenSSL needs an UTF-8 encoded private key file, while we had one in UTF-8-BOM:

The private key file has the wrong encoding of UTF-8-BOM as seen in the status bar at the bottom of Notepad++

We can change the encoding in Notepad++ with the menu entry Encoding / Convert to UTF-8:

Select the menu Encoding / Convert to UTF-8 in Notepad++

After this change of the encoding, we see UTF-8 in Notepad++:

After the change in the encoding, Notepad++ shows the encoding as UTF-8 in the status bar

We could now run the OpenSSL command again and it worked as expected. A better and more telling error message would be of great help. As it is, it takes a lot of time to find the source of the problem.