The method described in message 7 solved my problem. Thanks!
If you have the private key in PKCS#8 format (OpenSSL's default), then there's a more straightforward way to produce the PKCS#1 public key:
openssl rsa -in pkcs8.privatekey -RSAPublicKey_out >pkcs1.publickey
------------------------------
András Jákó
------------------------------
Original Message:
Sent: 04-03-2023 12:57 AM
From: DF51
Subject: Error importing SSL Certificate
I know this is 2.5 years later, but in case anyone else runs into this, the problem is that Aruba wants the private and public keys in PKCS#1 format (-----BEGIN RSA PRIVATE KEY-----), while most openssl certificates are being generated in PKCS#8 format (-----BEGIN PRIVATE KEY-----). The "invalid header' is because it's not seeing "RSA" in the first line of either the private or public keys.
So... while you can't just insert "RSA" into the headers and get it to work, there are methods to convert the private key and public key to the older PKCS#1 format.
To convert a PKCS#8 private key to PKCS#1 you can use this openssl command:
openssl rsa -in pkcs8.privatekey -out pkcs1.privatekey
To convert a PKCS#8 public key to PKCS#1 it's a little more "squirrely". What you have to do is:
- change the first line from "-----BEGIN PUBLIC KEY-----" to "-----BEGIN RSA PUBLIC KEY-----"
- delete the first 32 characters of the actual public key.
- change the last line from "-----END PUBLIC KEY-----" to "-----END RSA PUBLIC KEY-----"
This is a bash command that will do that:
echo -e "-----BEGIN RSA PUBLIC KEY-----\n$(cat "pkcs8.publickey" | grep -v "^-----" | sed -r '1s/^.{32}//')\n-----END RSA PUBLIC KEY-----" > "pkcs1.publickey"
FWIW, this post has a good description of the difference between the PKCS#1 and PKCS#8 public key file format.
Bottom line is Aruba should update their code to recognize PKCS#8 formatted public and private keys.
Original Message:
Sent: 10-02-2020 12:40 PM
From: Archive User
Subject: Error importing SSL Certificate
Hello,
I created a certificate on my CA and tried to add the certificate with "Certificate", RSA Public and RSA Private Key. It always shows "Error importing public certificate" header is correct as the manual mentions. Even trying to create a signing request fails after the certificate is signed. I'm not able so sign it.
Any suggestions? Anyone got this working?