Skip navigation links

MySQL Forums :: Install & Repo :: MySQL 5.5.8 SSL error: Unable to get private key from 'server-key.pem'


Advanced Search

Re: MySQL 5.5.8 SSL error: Unable to get private key from 'server-key.pem'
Posted by: Dave Kelly ()
Date: January 02, 2011 02:50AM

OK, I've found the problem. MySQL Server didn't like the header/footer lines in the PEM encoded key file.

Details: There is a slight (and trivial) difference between a PEM encoded private key file that is Generated by the 'openssl genrsa' command versus a PEM encoded private key file that is Extracted from an existing combined cert/key file with the 'openssl pkey' command. Qualification: the combined cert/key file was a PEM encoded file that was converted from a PFX format file issued by a Microsoft Certificate Services server.

The difference between the openssl Generated versus Extracted key file is simply in the text header and footer lines (see below).

'openssl genrsa' generated key output:
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

'openssl pkey' extracted key output:
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----

Note that the 'openssl genrsa' Generated key output includes ' RSA' in the text header and footer lines, whereas the 'openssl pkey' Extracted key output does not include ' RSA'.

Adding ' RSA' after BEGIN and END in the header and footer lines of the PEM encoded private key file solved the problem--MySQL Server now loads the private key and enables SSL.

Hard to believe that could be the source of so much trouble!

Options: ReplyQuote


Subject Written By Posted
MySQL 5.5.8 SSL error: Unable to get private key from 'server-key.pem' Dave Kelly 12/29/2010 05:37PM
Re: MySQL 5.5.8 SSL error: Unable to get private key from 'server-key.pem' Dave Kelly 01/02/2011 02:50AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.