Solved: ISE error ' private key is improperly protected'

Mikael Gustafsson · ‎09-18-2012

I have two ISE PSN nodes that I am importing DigiCert ID certificates on.

On one node this worked as it should but on the other I get:

'Private key validation failed: The password is invalid or the private key is improperly protected'

This is a SAN certificate so the CSR is made in OpenSSL from the ISE's .csr and .pvk.

To be sure I didn't messed up the password I generate a new CSR in OpenSSL, and the password is ok.

What is the meaning of 'the private key is improperly protected'?

What could be with the certificate?

I did verify the certificate in OpenSSL with

openssl x509 -in ise01digi.crt -noout -text

Tanks

Mikael

patrick.kofler · ‎09-18-2012

Hi,

I ran into the same issue with the private key being improperly protected.

I resolved it by encoding the private key into the DER format instead of PEM.

the command would be similar to:

openssl rsa -in [-passin pass:] -outform DER -des3 -out [-passout pass:]

I encrypted my private key with a password. That is why the passin/passout arguments are put into square brackets.

And to be sure that I don't get an error again I additionally used 3DES encryption on the key.

HTH,

Patrick

patrick.kofler · ‎09-18-2012

Hi,