Jump to content
Sign in to follow this  
emactive

Provide Domain Verification Linux error 'unable to load key file'

Recommended Posts

Hi all - I tried searching for this issue on the forum, but with no luck. Forgive me if this has been posted before. Appreciate any help!

On this page: https://xrpl.org/run-rippled-as-a-validator.html#6-provide-domain-verification

I'm having issues with this step.

2. Sign the validator public key using your web domain's TLS private key. The TLS private key file does not need to be stored on your validator's server.
$ openssl dgst -sha256 -hex -sign /PATH/TO/YOUR/TLS.key <(echo YOUR_VALIDATOR_PUBLIC_KEY_HERE)


I obtained the SSL certification (PEM file) from my domain and entered that command, replacing the dummy data with my own, and keep getting this error below. I've used multiple PEM files types with no luck (.pem/.crt/.cer)

unable to load key file
140438533517760:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY

 

Share this post


Link to post
Share on other sites

Are you using the correct private key pem file? My understanding is that domain certification has several pem files, such as cert.pem, chain.pem etc. You need to use the actual privkey.pem file (or whatever it is named). Otherwise it will not generate the right output. 

Share this post


Link to post
Share on other sites

Appreciate the quick response Karlos. I exported the .cer file from the web browser when you click the lock icon to the left of the address bar.

When I go into the file I see:

-----BEGIN CERTIFICATE-----
random characters
-----END CERTIFICATE-----
 

Is this the correct file I should be using?

Share this post


Link to post
Share on other sites

This is a certificate, not a private key. The documentation tells you to use the private key.

Maybe you should read up a bit about certificates and how cryptographic primitives are commonly used and deployed in general.

Share this post


Link to post
Share on other sites
On 8/22/2019 at 3:32 AM, Sukrim said:

This is a certificate, not a private key. The documentation tells you to use the private key.

Maybe you should read up a bit about certificates and how cryptographic primitives are commonly used and deployed in general.

Ok thank you suk

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...