net> Date: 2007-10-30 14:48:18 Message-ID: 528201.82599.qm web31807 !

OpenSSL>req -new -newkey rsa:1024 -nodes -keyout mykey.pem -out myreq.pem
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
writing new private key to 'mykey.pem'
-----
You are about to be asked to enter information that will be incorporated into your certificate request.

routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY

If your private key really.

I had a problem with my certificate because I left passphrase in blank, so then I could not generate another certificate or open the current one, http://en.gentoo-wiki.com/wiki/Complete_Virtual_Mail_Server/SMTP_Authentication.

You can either create a brand new key and CSR and contact support, or you can do a search for any other private keys on the system and see if they match.

Then I replaced the contents of the httpd/ssl/ssl-private-key.pem with the contents of the server.key file generated by OpenSSL.

Certificate Authorities (CA) guarantee that the key belongs to an organization, server, or other entity listed in the certificate.

Indeed, the private key file I downloaded from GoDaddy included the byte-order mark (BOM), causing expressjs.https to fail to load the private key.

edu> Date: 2001-02-12 19:17:32
Thanks Dr S N Henson, I am in the directory above it: First I tried again from demoCA:
> perl ../apps/CA.pl -signreq
Using configuration from /usr/p
openssl req -new -key privatekey.pem -out csr.pem

I get:

unable to load Private Key
6312:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: ANY PRIVATE KEY

I've tried Googling this a bit, but none of the solutions I've found seem to be relevant for me.

The reason I did it this way is that, because it was signed by my AD Certification authority, all of my domain computers will trust this cert automatically.

We will have a default configuration file openssl.cnf …

To search for all private keys on your server:

I was told the key file is DES encrypted and I kno - certificate.fyicenter.com

unable to load certificate
140603809879880:error:0906D06C:PEM routines: ...
X509v3 extensions:
X509v3 Basic Constraints: critical CA:TRUE
X509v3 Key Usage: critical Certificate Sign, CRL Sign
X509v3 Subject Key Identifier: 76:70: ...

but the private key is rsa.
openssl x509 -inform der -in KeyInterCARoot.cer -out KeyInterCARoot.pem

Ran the following:

openssl rsa -modulus -noout -in KeyCARoot.key
openssl : unable to load Private Key
At line:1 char:1
openssl rsa -modulus -noout -in KeyCARoot.key
~~~~~
CategoryInfo : NotSpecified: (unable to load Private Key:String) [], RemoteException

domain.key) – $ openssl genrsa -des3 -out domain.key 2048.

The private key is stored on the machine where you create the CSR.

If the md5 hashes are the same, then the files (SSL Certificate, Private Key and CSR) are compatible.

ie: Small correction to @dps - the input format should be,

Can't get private key with openssl (no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY)

Resaving both files in ANSI format solved the problem.

– lgeorget Apr 26 '13 at 22:52

Yes, you are right, I was copying from the page.

Hi all, I want to use the Nitrokey HSM module to sign a self sign certificate with a self signed certificate authority.

It's likely that your private key is using the same encoding.

C:\Program Files\OpenSSL>ca server
Simple CA utility Written by Artur Maj ([email protected])
Warning!

Re: [OpenXPKI-users] PERSIST_CSR activity: Unable to load CA private key
From: Alexander Klink <[email protected]> - 2009-01-28 12:50:29

No discussion of this anywhere. Whether run as root or not.

Unable to load Public Key (OpenSSL RSA, Debian Squeeze)
Hi everyone, ...
If the first command shows any errors, or if the modulus of the public key in the certificate and the modulus of the private key do not exactly match, then you're not using the correct private key.

I'm sorry, I did not know much about when it comes to this subject.

I have verified the password on the CA private key and the key itself using:

openssl rsa -text -check -in *my_keyfile*

The above command prompts for the password which I enter and it opens and checks the file just fine.

It already fails at creating the CA.

C:\OpenSSL\bin>openssl rsa < newreq.pem > newkey.pem
unable to load Private Key
6068:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:650:Expecting: ANY PRIVATE KEY

From what I can tell, I have followed the steps exactly as listed and have even started from scratch several times all to the same result.

Now, when I input my seemingly good passphrase I get back:

Unable to load module (null)
Unable to load module (null)
PKCS11_get_private_key returned NULL
cannot load CA private key from engine
140396815820608:error:81065401:libp11:pkcs11_CTX_load:Unable to load PKCS#11 module:p11_load.c:77:
140396815820608:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key…

If you want to do it all at once then a slightly different form of the command is required (I will assume you want an RSA key - changes are required for DSA or ECC):

openssl req -newkey rsa:2048 -keyout privkey.pem -out cacert.pem -x509 -new -days 1095

This will result in something that looks like this:

Generating a 2048 bit RSA private key
.....+++
.....+++
writing new private key to 'privkey.pem'
…

PRIVATE KEY`, Got this solved by providing the key file along with the command.
-sh-4.2$ openssl req -x509 -new -key CA.priKey -subj "/CN=CA" -sha256 -out CA.cer
unable to load Private Key
139960278935440:error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported algorithm:p_lib.c:239:

Hey all, I'm very new to security and generating key files.

You're going to have to show us what the private key file looks like, otherwise we're just guessing.

The switch is -inkey inkeyfile.pem, My two cents:

Using configuration from /etc/ssl/openssl.cnf
unable to load CA private key
140676492514984:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: ANY PRIVATE KEY
Signed certificate is in newcert.pem

Enter a password when prompted to complete the process.

Generate a CRL (Certificate Revocation List) with openssl ca.

Press CTRL-C to break, or ENTER to continue...
-----
Step 1: Generate the keys and the certificate request
If you create a CSR (certificate signing request) on the Firebox via FSM, then have it signed as a webserver cert on your enterprise CA, you should be able to choose the output of from the CA …

openssl rsa -in example.key -noout -modulus | md5sum

"unable to load private key" Issue

Thanks, this helped!

It looks as if the openssl rsa command also accepts a -inform argument, so try:

openssl rsa -text -in file.key …

Posted: Thu Feb 27, 2014 3:11 am
Post subject: use openssl : unable to load CA private key

01010101001 changed the title update-users always fails on 'unable to load CA private key' from openssl PLEASE REOPEN - update-users always fails on 'unable to load CA private key' from openssl Oct 17, 2017.

First, make sure you have created the demoCA/crlnumber file with a value.

Below is the command to create a password-protected and, 2048-bit encrypted private key file (ex.

openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key `grep output_password ca.cnf | sed 's/.

Create a Private Key.

Once the proper version of encoding was selected for the new certificate download, error was resolved.

This command creates a new CSR (domain.csr) based on an existing private key (domain.key):

openssl req \
    -key domain.key \
    -new -out domain.csr

List: openssl-users
Subject: ca server - unable to load CA private key
From: Frank Garber

\local\OpenSSL-Win32\bin\openssl.exe
OpenSSL> ca -in test.csr -keyfile my_ca.key -cert my_ca.crt
Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg
Enter pass phrase for my_ca.key:
./demoCA/serial: No error
error while loading serial number …

No, the private key is not part of the CSR.

My nodejs server did not authorize this client certificate.

I understand.
The content of the C:\CA\temp\vnc_server directory will be removed.

The data can only be decrypted by using a unique private key …

Maybe you should have asked your friend about the error message!

unable to load Private Key
140000419358368:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY

Using configuration from C:\Progra~1\OpenSSL\openssl.conf
Loading 'screen' into random state - done
Enter pass phrase for C:\CA\private\CAkey.pem:
unable to load CA private key
8544:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:./crypto/evp/evp_enc.c:509:

Once signed it is returned to the machine where the CSR was generated.

I can certainly do that, what should I point them to as far as OpenSSL's documentation for how to use this functionality?

My internet search for "OpenSSL stack of errors" returned a full page of stack overflow search results and no openssl resources.

Ok, but it's in binary, how can I show you the contents of the key?

I had one certificate consisting of RSA private key, client certificate, one intermediate CA and root CA.

openssl rsa -text -in file.key.

Every time I start the init_pki command, there's a problem with the private key.

A PEM encoded file is a plain-text encoding that looks something like:

Sometimes keys are distributed in PKCS#8 format (which can be either PEM or DER encoded).

Working with Private Keys.

How can I get the private key and its certificate?

Same here.

Get hashed modulus of key.
This is why it works correctly when you provide the -inform PEM command line argument (which tells openssl what input format to expect).

Hi, yes, of course.

Do you have a file called "serial" in the default ssl directory that you are trying to create the cert?

List: openssl-users
Subject: Re: unable to load CA private key
From: Gary W

server.key2.

F*&&% &*^%.

You're not entering the correct passphrase for your private key.

It looks like you have a certificate in DER format instead of PEM.

With which command is the file named cakey.pem created?

It looks like your passphrase is less than 4 characters from the error message.

Generating a self-signed certificate with OpenSSL on Windows (personally tested, hands-on; not directly excerpted or reposted), resolving the error: unable to load CA private key. songlh1234's blog

openssl unable to read/load/import SSL private key from GoDaddy
By craig

openssl is the standard open-source, command-line tool for manipulating SSL/TLS certificates on Linux, MacOS, and other UNIX-like systems.

Internet Security Certificate Information Center: OpenSSL - OpenSSL "pkey" - Open Encrypted DSA Keys - How to open an encrypted DSA key file using OpenSSL "pkey" command?

# openssl req -new -key server.key -out server.csr

After running the above command, I only took care to enter this host's FQDN in the "Common Name" field, and filled in the other fields arbitrarily.

But I had problems.
Enter pass phrase for ./id_rsa:
unable to load Private Key
140256774473360:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:544:
140256774473360:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:483

"bad decrypt" is pretty clear.

On my execution of openssl pkcs12 -export -out cacert.pkcs12 -in testca/cacert.pem, I received the following message:

unable to load private key
140707250050712:error:0906D06C:PEM

Step 6: Create your own Root CA Certificate

Inspecting the certificate public key modulus and comparing it with the one from the private key brought a surprise:

# openssl rsa -modulus -noout -in domain.pem
unable to load Private Key
16986:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: ANY PRIVATE KEY

openssl x509 -req -in device.csr -CA root.pem -CAkey root.key -CAcreateserial -out device.crt -days 500

Is your certificate root.pem or rootCA.pem?

To generate the CRL with openssl ca, run the following command:

openssl ca -gencrl -out crl.pem

openssl verify -CAfile CA.CRT client.CRT
openssl verify -CAfile CA.CRT server.CRT

That ate through a few precious hours.

The cause of the problem was that I'd saved the key and certificate files in Notepad using UTF8.
I have a .key file, and when I do this

Verification can be performed by matching modulus that is embedded in key, CSR, and cert.

Verify a Private Key.

The reason being, while downloading the certificate from AD server, Encoding was selected as DER instead of Base64.

RSA private key is used to generate CSR and cert.

The Out-parameter is the pkcs12-File, inkey is the private key of the client, in is the client cert and certfile is the Intermediate CA.

I tried with vi in binary mode (vi -b) but shows an almost unreadable output,

See my update first.

If you’re starting with the number 1, it must be a two digit value in the form of 01, else you will receive the error while loading CRL number error.

You see, - when I use "OpenSSL 1.0.0d-fips 8 Feb 2011" on a Linux-FC13 machine to generate certs, the default rsa key format is PKCS#8 which I believe

came across the same error message in RHEL7.3 while running the openssl command with root CA certificate.

They will be when
> installed in the normal way.

I followed the readme exactly.

OpenSSL verify Root CA key.

I checked the generated key and it looks like
Configure openssl.cnf for Root CA Certificate.

Hi, I can't get the container running.

openssl with the ca option (ie: running "openssl ca") causes a Segmentation Fault (no matter what options I give it).

The problem I think is that during the "genSignedServerCert.py" which has been deprecated and now simply runs: