Hi, I am trying to deploy .pem certs for SSL decryption on AMD, but it seems the key is not being recognized. Is there anything we could be missing?
Already added the .pem file in /usr/adlex/config/keys directory
Already added entry of keys in keylist file
Also attaching a snapshot of ssldecr status where it says keys not recognized as 2ssl-keys-not-recognised.png
That usually indicates a problem either with the key file itself or with the format of the keylist file.
Keylist format errors can include spaces in the file that should not be present, Windows line termination (CR-LF) rather than *nix line termination (NL), and general typos like a misspelling/typo.
Key file problems can include being encrypted without providing the decryption passphrase to KPA, Windows line termination (CR-LF) rather than *nix line termination (NL), and having the certificate rather than the key in the file.
If you examine the key file with a text editor (or vi if you're on the AMD), it should look something like this:
----- BEGIN RSA PRIVATE KEY -----
lots of lines of text/numbers
----- END RSA PRIVATE KEY -----
If it doesn't look like that, it's not a format the AMD can use. If it says CERTIFICATE instead of PRIVATE KEY, you've got the wrong half of the key (the public half). I get this all the time; server admins always just export the certificate no matter how many times you say it needs to be the private key.
If the file has Windows line ends instead of Unix line ends, vi will show each line as having a control code "^r" (a two-character code starting with a caret ^) at the end.
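The checks described in the answer above can be scripted. This is an added example, not part of the original thread and not a vendor tool. It assumes standard PEM markers written without spaces inside the dashes (for example `-----BEGIN RSA PRIVATE KEY-----`); the function names are hypothetical, and the keylist syntax itself is not validated because the thread does not give it.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for a key file and keylist.
CR=$(printf '\r')

# Prints findings for a key file: crlf, certificate-not-key, encrypted,
# no-private-key-header; prints "ok" when none apply.
check_key_file() {
    out=""
    if grep -q "$CR" "$1"; then out="$out crlf"; fi
    # First PEM BEGIN line, with any carriage return stripped.
    header=$(tr -d '\r' < "$1" | sed -n '/^-----BEGIN /{p;q;}')
    case "$header" in
        *"ENCRYPTED PRIVATE KEY-----") out="$out encrypted" ;;  # PKCS#8 encrypted key
        *"PRIVATE KEY-----")
            # Traditional encrypted keys carry this line right after the BEGIN marker.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then out="$out encrypted"; fi ;;
        *"CERTIFICATE-----") out="$out certificate-not-key" ;;   # public half only
        *) out="$out no-private-key-header" ;;
    esac
    out=${out# }
    echo "${out:-ok}"
}

# Prints findings for the keylist: crlf, whitespace-on-lines:N,M; or "ok".
# Any space or tab is only flagged for review; entry syntax is not checked.
check_keylist() {
    out=""
    if grep -q "$CR" "$1"; then out="$out crlf"; fi
    ws=$(grep -n '[[:blank:]]' "$1" | cut -d: -f1 | tr '\n' ',')
    if [ -n "$ws" ]; then out="$out whitespace-on-lines:${ws%,}"; fi
    out=${out# }
    echo "${out:-ok}"
}

if [ $# -ge 1 ]; then echo "key file: $(check_key_file "$1")"; fi
if [ $# -ge 2 ]; then echo "keylist:  $(check_keylist "$2")"; fi
if [ $# -eq 0 ]; then
    # Constructed sample: a certificate saved with Windows line endings.
    t=$(mktemp)
    printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$t"
    echo "sample: $(check_key_file "$t")"
    rm -f "$t"
fi
```

Pass the key file as the first argument and, optionally, the keylist as the second; the script only reads the files and prints findings, never the key material.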