What to Do if OpenSSL Does Not Find Your Private Key

by

As we were trying to combine a private key with a certificate into a pkcs12 file, we got this OpenSSL error:

unable to load private key
11528:error:0909006C:PEM routines:get_name:no start line:crypto\pem\pem_lib.c:745:Expecting: ANY PRIVATE KEY

The file for the private key contained a private key, but OpenSSL could somehow not find it.

As it turns out, OpenSSL needs an UTF-8 encoded private key file, while we had one in UTF-8-BOM:

The private key file has the wrong encoding of UTF-8-BOM as seen in the status bar at the bottom of Notepad++

We can change the encoding in Notepad++ with the menu entry Encoding / Convert to UTF-8:

Select the menu Encoding / Convert to UTF-8 in Notepad++

After this change of the encoding, we see UTF-8 in Notepad++:

After the change in the encoding, Notepad++ shows the encoding as UTF-8 in the status bar

We could now run the OpenSSL command again and it worked as expected. A better and more telling error message would be of great help. As it is, it takes a lot of time to find the source of the problem.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.