Forum Discussion
Fuchan_Tan_3092
Nimbostratus
NimbostratusPEM routines:PEM_do_header:bad password read
Joe,
When executing the LocalLB/ProfileClientSSL::create(), I am getting the following error. I believe my certificate and key are correct. Please see my code fragment below.
It seems the I need to set the passphrase first, but, when I do that, it complains that the miketan999_clientssl_profile not found.
Please show me how would you do it to avoid the error and have the clientssl_profile correctly configured.
Thanks,
Mike Tan
AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server faultSubcode: faultString: Exception caught in LocalLB::urn:iControl:LocalLB/ProfileClientSSL::create() Exception: Common::OperationFailed primary_error_code : 17236755 (0x01070313) secondary_error_code : 0 error_string : 01070313:3: Error reading key PEM file /config/ssl/ssl.key/miketan999.key for profile miketan999_clientssl_profile: error:0906A068:PEM routines:PEM_do_header:bad password read faultActor: faultNode: faultDetail: {http://xml.apache.org/axis/}stackTrace:Exception caught in LocalLB::urn:iControl:LocalLB/ProfileClientSSL::create() Exception: Common::OperationFailed primary_error_code : 17236755 (0x01070313) secondary_error_code : 0 error_string : 01070313:3: Error reading key PEM file /config/ssl/ssl.key/miketan999.key for profile miketan999_clientssl_profile: error:0906A068:PEM routines:PEM_do_header:bad password read
/*
both /config/ssl/ssl.key/miketan999.key and /config/ssl/ssl.crt/miketan999.crt are in place
*/
iControl.LocalLBProfileString [] keys = new iControl.LocalLBProfileString[1];
keys[0]=new iControl.LocalLBProfileString();
keys[0].setValue("miketan999.key");
iControl.LocalLBProfileString [] certs = new iControl.LocalLBProfileString[1];
certs[0]=new iControl.LocalLBProfileString();
certs[0].setValue("miketan999.crt");
i_interfaces.getLocalLBProfileClientSSL().create(profile_names, keys, certs);
iControl.LocalLBProfileString [] passphrase = new iControl.LocalLBProfileString[1];
passphrase[0] = new iControl.LocalLBProfileString();
passphrase[0].setValue("mypassphrase");
iControl.LocalLBProfileString [] chainFile = new iControl.LocalLBProfileString[1];
chainFile[0] = new iControl.LocalLBProfileString();
chainFile[0].setValue("myRoot.crt");
i_interfaces.getLocalLBProfileClientSSL().create(profile_names, keys, certs);
String[] default_profiles = new String[1];
default_profiles[0] = "clientssl";
i_interfaces.getLocalLBProfileClientSSL().set_default_profile(profile_names, default_profiles); i_interfaces.getLocalLBProfileClientSSL().set_passphrase(profile_names, passphrase); i_interfaces.getLocalLBProfileClientSSL().set_chain_file(profile_names, chainFile);
1 Reply
Fuchan_Tan_3092The objective to convert the following tcl script by using Java iControl:
profile clientssl ${CreateClientSslProfile.ProfileName} {
defaults from clientssl key "${CreateClientSslProfile.SslKeyFile}"
cert "${CreateClientSslProfile.SslCertFile}"
chain "${CreateClientSslProfile.SslChainFile}"
passphrase "${CreateClientSslProfile.SslPassPhrase}"
}
The issue is when to set the passphrase. Do you set the passphrase before or after the call -
i_interfaces.getLocalLBProfileClientSSL().create(profile_names, keys, certs)?
I tried call i_interfaces.getLocalLBProfileClientSSL().create(profile_names, keys, certs), but i am getting "PEM routines:PEM_do_header:bad password read" error.
I also tried to set the passphrase first before calling i_interfaces.getLocalLBProfileClientSSL().create(profile_names, keys, certs), but i got profile does not exist error.
