Troubleshooting
Problem
You are importing certificates for the GUI and running the CLI command: store certificate privatekey gui
You paste the new certificate in PEM format, and when prompted, you paste the new key in PEM format.
Then you are prompted for the passphrase: Enter pass phrase for /var/tmp/tmpkey.pem:
Then you are prompted for the passphrase: Enter pass phrase for /var/tmp/tmpkey.pem:
You get an error similar to:
Error opening Certificate /var/tmp/tmpcert.pem
###:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/var/tmp/tmpcert.pem','r')
###:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
unable to load certificate
Certificate and key verification failed.
err
###:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/var/tmp/tmpcert.pem','r')
###:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
unable to load certificate
Certificate and key verification failed.
err
Cause
Guardium appliances cannot use a key with a passphrase. The user must strip it before entering the key.
Environment
In a future v11 release, it is planned for Guardium to strip the passphrase automatically.
Resolving The Problem
You must store a key without a passphrase. You can strip it out with this:
openssl rsa -in <key_file> -out </path/to/tmpfile>
Enter the passphrase
Enter the passphrase
Now the tmpfile is the key without the passphrase.
Document Location
Worldwide
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
21 August 2019
UID
ibm11071520