Heroku ssl certs: the key cannot be read because it is protected by a passphrase

I'm having trouble getting ssl certificates, which Heroku will accept for secure.mydomain.com. I use DNSimple, Cedar Stack and follow the instructions here: https://devcenter.heroku.com/articles/ssl-certificate

  • Copy server.key and server.orig.crt from DNSimple
  • Obtain a root CA certificate using $ curl https://knowledge.rapidssl.com/library/VERISIGN/ALL_OTHER/RapidSSL%20Intermediate/RapidSSL_CA_bundle.pem > rapidssl_bundle.pem
  • Merge into a single file using cat server.orig.crt rapidssl_bundle.pem > server.crt

So now I have the server.key and server.orig.crt files that I am trying to load into Heroku using $ heroku certs:add server.crt server.key . It gives an error

 Key could not be read since it protected by a passphrase. 

The above documents do not say anything about removing a passphrase from a server.key file. So I dug up and found the documents here: https://devcenter.heroku.com/articles/ssl#customdomain-ssl . I execute these commands between # 1 and # 2 above:

1b. $ mv server.key server.orig.key

1c. $ openssl rsa -in server.orig.key -out server.key

However this gives an error

 unable to load Private Key 47930:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-47/src/crypto/pem/pem_lib.c:648:Expecting: ANY PRIVATE KEY 

I suspect that the private key was not found.

Does anyone know what the problem is? Is this a Heroku problem or an openssl problem (or a DNSimple problem)?

+4
source share
4 answers

This is really stupid, but as far as I can tell, there is a problem using TextEdit on Mac OS to save the server.key and server.orig.crt source files.

Instead, I used TextMate and everything works fine.

+1
source

I struggled very much with the almost identical problem of installing SSL Certs in a Heroku application with DNSimple and RapidSSL and want to post my solution here if someone with a similar problem encounters this answer.

I followed the directions throughout SO and Heroku dev center to install certificates through DNSimple and RapidSSL, but every time I tried to add certificates using the command:

$ heroku certs:add server.crt bundle.pem server.key

no matter what i did, i got this error:

 $ Adding SSL Endpoint to mysite... failed ! Key could not be read since it protected by a passphrase. ! Read instructions on how to remove the passphrase on: ! http://www.madboa.com/geek/openssl/#key-removepass` 

I knew that the key did not have a key phrase (because I went through this process several times), but he still did not want to add them. I did two things that eventually made her work, although I'm not sure which one was the key.

First, I’ve definitely downloaded the proper PEM file into the Apache, Plesk and CPA fields from the RapidSSL email link to the middle tier certificates.

Secondly, to verify the installation of the Herobu toolbelt tool, follow these steps: https://devcenter.heroku.com/articles/heroku-command#installing-the-heroku-cli

It turns out that I was still using the gem, and I had to remove it until I got to the hero-tool, after which I again tried to add certificates and voila.

+8
source

Fight this problem for several days! Until I came across this topic and did not follow the update tips. The first thing I had to do was

gem uninstall heroku --all

I answered β€œYes” to the hold question due to another post I read on stackoverflow. Then I went to https://toolbelt.herokuapp.com/ and installed toolbelt (although heroku -version said it was installed). Updated it to the hero-instrumental tool 2.39.0. Repeat the following command and it worked:

heroku certs: add cert.cer bundle.pem server.key

Maybe I'll finally sleep tonight.

+2
source

Old dashboard installation was my problem for windows.

Even if heroku update changed the version number from 2.30.1 to 2.39.0, a heroku version showed that for some reason it was not updated correctly.

I reinstalled toolbelt from https://toolbelt.herokuapp.com/ and tried again and it worked.

heroku version now says this for me, and certificates: add works correctly:

 heroku-gem/2.39.0 (i386-mingw32) ruby/1.9.2 
0
source

Source: https://habr.com/ru/post/1445007/


All Articles