On Dec 20, 2019, at 6:27 PM, Coy Hile <coy.hile@coyhile.com> wrote:
And, for posterity’s sake, I found the solution here. The server.pem file created by the bootstrap script looks thus:
``` Bag Attributes localKeyID: ... issuer=... -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- Bag Attributes more garbage... -----BEGIN ENCRYPTED PRIVATE KEY----- ... ——END ENCRYPTED PRIVATE KEY—— ```
Hmm... that's terrible. I think OpenSSL changed that a while back. It's a fairly stupid thing to do, IMHO. If I want the PEM file, I don't care about extra garbage being printed.
Once I moved the private key to the top of the file (and removed the Bag attributes information (which I haven’t seen before)), ending up with the server.pem looking thus:
``` ——BEGIN ENCRYPTED PRIVATE KEY----- ... ——END ENCRYPTED PRIVATE KEY----- -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- ```
the world is good to go.
That's good to hear. It's not clear why OpenSSL reads the file one mode but not the other. Alan DeKok.