unable to load EC Private Key



  • i want to use my EC Private Key, but i cant input and submit ec key in PF.

    like this:

    -----BEGIN EC PRIVATE KEY-----
    MHQCAQEEIJj8Mw1AJdlXjbhfrfds1hfItEaAnMGaOzNvsJ1DWWY78oAcGBSuBBAAK
    oUQDQgAEOnoYXIgfdsgertgtrsdwUy6XMdBvhM2QHhEcC8JfmvhCEPtmWNQuvzVz
    1uoP+GUImM1ak15KWsdpAqZUonnZkg==
    -----END EC PRIVATE KEY-----

    if i change that to -----BEGIN PRIVATE KEY----- can input , but it is not normal work.

    server: letsencrypt-production-2

    getCertificatePSK using custom key
    LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tDQpNSFFDQVFFRUlKajhNdzFBSmRsWGpiaElCMmcxaGZJdEVhQW5NR2FPek52c0oxRFdXWTc4b0FjDQpvVVFEUWdBRU9ub1lYSWd0dEJKQzkxRzZpSHVyVXk2WE1kQnZoTTJRSGhFY0M4SmZtdmhDRVB0bVdOUXV2elZ6DQoxdW9QK0dVSW1NMWFrMTVLV3NkcEFxWlVvbm5aa2c9PQ0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQ==

    /usr/local/pkg/acme/acme.sh --issue -d 'yon.net' -d '*.yon.net' --home '/tmp/acme/yon.net-v2/' --accountconf '/tmp/acme/yon.net-v2/accountconf.conf' --force --reloadCmd '/tmp/acme/yon.net-v2/reloadcmd.sh' --dns 'dns_nsupdate' --ocsp-must-staple --log-level 3 --log '/tmp/acme/yon.net-v2/acme_issuecert.log'

    Array
    (
    [path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
    [PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
    [NSUPDATE_SERVER] => /tmp/acme/yon.net-v2/yon.net/nsupdate
    [NSUPDATE_KEYNAME] => yon
    [NSUPDATE_KEYALGO] => 157
    [NSUPDATE_KEY] => /tmp/acme/yon.net-v2/yon.net/nsupdate
    )
    [Wed Aug 8 22:13:45 CST 2018] Registering account
    [Wed Aug 8 22:13:53 CST 2018] Already registered
    [Wed Aug 8 22:13:53 CST 2018] ACCOUNT_THUMBPRINT='pTJ3SKO_lfmOPpgJyw_nfdsfsfercddwLfp9eZOwunduc'
    [Wed Aug 8 22:13:53 CST 2018] Multi domain='DNS:yon.net,DNS:*.yon.net'
    unable to load Private Key
    34380776392:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:/builder/ce-243/tmp/FreeBSD-src/crypto/openssl/crypto/asn1/tasn_dec.c:1200:
    34380776392:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:/builder/ce-243/tmp/FreeBSD-src/crypto/openssl/crypto/asn1/tasn_dec.c:374:Type=X509_ALGOR
    34380776392:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:/builder/ce-243/tmp/FreeBSD-src/crypto/openssl/crypto/asn1/tasn_dec.c:700:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
    34380776392:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:/builder/ce-243/tmp/FreeBSD-src/crypto/openssl/crypto/pem/pem_pkey.c:142:
    [Wed Aug 8 22:13:53 CST 2018] Create CSR error.
    [Wed Aug 8 22:13:53 CST 2018] Please check log file for more details: /tmp/acme/yon.net-v2/acme_issuecert.log



  • version is 0.3.1_1

    now i try use pf ec key still not work.

    [Wed Aug 8 22:41:38 CST 2018] readlink exists=0
    [Wed Aug 8 22:41:38 CST 2018] dirname exists=0
    [Wed Aug 8 22:41:38 CST 2018] Lets find script dir.
    [Wed Aug 8 22:41:38 CST 2018] SCRIPT='/usr/local/pkg/acme/acme.sh'
    [Wed Aug 8 22:41:38 CST 2018] _script='/usr/local/pkg/acme/acme.sh'
    [Wed Aug 8 22:41:38 CST 2018] _script_home='/usr/local/pkg/acme'
    [Wed Aug 8 22:41:38 CST 2018] Using config home:/tmp/acme/yon.net-2/
    [Wed Aug 8 22:41:38 CST 2018] APP
    [Wed Aug 8 22:41:38 CST 2018] 2:LOG_FILE='/tmp/acme/yon.net-2/acme_issuecert.log'
    [Wed Aug 8 22:41:38 CST 2018] APP
    [Wed Aug 8 22:41:38 CST 2018] 3:LOG_LEVEL='3'
    [Wed Aug 8 22:41:38 CST 2018] LE_WORKING_DIR='/tmp/acme/yon.net-2/'
    [Wed Aug 8 22:41:38 CST 2018] _main_domain='yon.net'
    [Wed Aug 8 22:41:38 CST 2018] _alt_domains='.yon.net'
    [Wed Aug 8 22:41:38 CST 2018] Using config home:/tmp/acme/yon.net-2/
    [Wed Aug 8 22:41:38 CST 2018] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Wed Aug 8 22:41:38 CST 2018] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
    [Wed Aug 8 22:41:38 CST 2018] CA_CONF='/tmp/acme/yon.net-2//ca/acme-v02.api.letsencrypt.org/ca.conf'
    [Wed Aug 8 22:41:38 CST 2018] DOMAIN_PATH='/tmp/acme/yon.net-2//yon.net'
    [Wed Aug 8 22:41:38 CST 2018] 'dns_nsupdate' does not contain 'dns'
    [Wed Aug 8 22:41:38 CST 2018] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
    [Wed Aug 8 22:41:38 CST 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
    [Wed Aug 8 22:41:38 CST 2018] GET
    [Wed Aug 8 22:41:38 CST 2018] url='https://acme-v02.api.letsencrypt.org/directory'
    [Wed Aug 8 22:41:38 CST 2018] timeout=
    [Wed Aug 8 22:41:38 CST 2018] curl exists=0
    [Wed Aug 8 22:41:38 CST 2018] wget exists=127
    [Wed Aug 8 22:41:38 CST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/yon.net-2//http.header -g '
    [Wed Aug 8 22:41:43 CST 2018] ret='0'
    [Wed Aug 8 22:41:43 CST 2018] response='{
    "LZh-A99FZvI": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
    "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
    "meta": {
    "caaIdentities": [
    "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
    },
    "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
    "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
    "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
    "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
    }'
    [Wed Aug 8 22:41:43 CST 2018] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
    [Wed Aug 8 22:41:43 CST 2018] ACME_NEW_AUTHZ
    [Wed Aug 8 22:41:43 CST 2018] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Wed Aug 8 22:41:43 CST 2018] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
    [Wed Aug 8 22:41:43 CST 2018] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
    [Wed Aug 8 22:41:43 CST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
    [Wed Aug 8 22:41:43 CST 2018] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Wed Aug 8 22:41:43 CST 2018] ACME_VERSION='2'
    [Wed Aug 8 22:41:43 CST 2018] Le_NextRenewTime
    [Wed Aug 8 22:41:43 CST 2018] OK
    [Wed Aug 8 22:41:43 CST 2018] 1:Le_Domain='yon.net'
    [Wed Aug 8 22:41:43 CST 2018] OK
    [Wed Aug 8 22:41:43 CST 2018] 2:Le_Alt='
    .yon.net'
    [Wed Aug 8 22:41:43 CST 2018] OK
    [Wed Aug 8 22:41:43 CST 2018] 3:Le_Webroot='dns_nsupdate'
    [Wed Aug 8 22:41:43 CST 2018] OK
    [Wed Aug 8 22:41:43 CST 2018] 4:Le_PreHook=''
    [Wed Aug 8 22:41:43 CST 2018] OK
    [Wed Aug 8 22:41:43 CST 2018] 5:Le_PostHook=''
    [Wed Aug 8 22:41:43 CST 2018] OK
    [Wed Aug 8 22:41:43 CST 2018] 6:Le_RenewHook=''
    [Wed Aug 8 22:41:43 CST 2018] OK
    [Wed Aug 8 22:41:43 CST 2018] 7:Le_API='https://acme-v02.api.letsencrypt.org/directory'
    [Wed Aug 8 22:41:43 CST 2018] _on_before_issue
    [Wed Aug 8 22:41:43 CST 2018] _chk_main_domain='yon.net'
    [Wed Aug 8 22:41:43 CST 2018] _chk_alt_domains='.yon.net'
    [Wed Aug 8 22:41:43 CST 2018] 'dns_nsupdate' does not contain 'no'
    [Wed Aug 8 22:41:43 CST 2018] Le_LocalAddress
    [Wed Aug 8 22:41:43 CST 2018] d='yon.net'
    [Wed Aug 8 22:41:43 CST 2018] Check for domain='yon.net'
    [Wed Aug 8 22:41:43 CST 2018] _currentRoot='dns_nsupdate'
    [Wed Aug 8 22:41:43 CST 2018] d='
    .yon.net'
    [Wed Aug 8 22:41:43 CST 2018] Check for domain='.yon.net'
    [Wed Aug 8 22:41:43 CST 2018] _currentRoot='dns_nsupdate'
    [Wed Aug 8 22:41:43 CST 2018] d
    [Wed Aug 8 22:41:43 CST 2018] 'dns_nsupdate' does not contain 'apache'
    [Wed Aug 8 22:41:43 CST 2018] _saved_account_key_hash='cP/GOmaOTPwyzPOSLFAvQrmkrFGMqzzrVJI='
    [Wed Aug 8 22:41:43 CST 2018] base64 single line.
    [Wed Aug 8 22:41:43 CST 2018] _saved_account_key_hash is not changed, skip register account.
    [Wed Aug 8 22:41:43 CST 2018] Read key length:
    [Wed Aug 8 22:41:43 CST 2018] _createcsr
    [Wed Aug 8 22:41:43 CST 2018] domain='yon.net'
    [Wed Aug 8 22:41:43 CST 2018] domainlist='
    .yon.net'
    [Wed Aug 8 22:41:43 CST 2018] csrkey='/tmp/acme/yon.net-2//yon.net/yon.net.key'
    [Wed Aug 8 22:41:43 CST 2018] csr='/tmp/acme/yon.net-2//yon.net/yon.net.csr'
    [Wed Aug 8 22:41:43 CST 2018] csrconf='/tmp/acme/yon.net-2//yon.net/yon.net.csr.conf'
    [Wed Aug 8 22:41:43 CST 2018] _is_idn_d='.yon.net'
    [Wed Aug 8 22:41:43 CST 2018] _idn_temp
    [Wed Aug 8 22:41:43 CST 2018] domainlist='
    .yon.net'
    [Wed Aug 8 22:41:43 CST 2018] Multi domain='DNS:yon.net,DNS:*.yon.net'
    [Wed Aug 8 22:41:43 CST 2018] OK
    [Wed Aug 8 22:41:43 CST 2018] 8:Le_OCSP_Staple='1'
    [Wed Aug 8 22:41:43 CST 2018] _is_idn_d='yon.net'
    [Wed Aug 8 22:41:43 CST 2018] _idn_temp
    [Wed Aug 8 22:41:43 CST 2018] _csr_cn='yon.net'
    [Wed Aug 8 22:41:43 CST 2018] Create CSR error.
    [Wed Aug 8 22:41:43 CST 2018] pid
    [Wed Aug 8 22:41:43 CST 2018] No need to restore nginx, skip.
    [Wed Aug 8 22:41:43 CST 2018] _clearupdns
    [Wed Aug 8 22:41:43 CST 2018] skip dns.
    [Wed Aug 8 22:41:43 CST 2018] _on_issue_err
    [Wed Aug 8 22:41:43 CST 2018] Please check log file for more details: /tmp/acme/yon.net-2/acme_issuecert.log
    [Wed Aug 8 22:41:43 CST 2018] _chk_vlist


  • Rebel Alliance Developer Netgate

    The GUI does not have support for EC keys at this time.


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy