On Sun, Sep 7, 2014 at 10:26 PM, Liz Fall <f...@sbcglobal.net> wrote:
> All, > > > > I am getting the following with my client cert when trying to connect to > an SSL-enabled MongoDB: > > > > 2014-09-03T13:37:56.881-0500 ERROR: cannot read PEM key file: > /users/apps/tstlrn/u019807/DTCD9C3B2F42757.ent.wfb.bank.corp_mongo_wells.pem > error:0906D06C:PEM routines:PEM_read_bio:no start line > I just tried to duplicate with a key (not a certificate) that uses line breaks at 76 characters. I don't have a certificate because my routines don't support certificates. But it should reveal a little about the OpenSSL parser. Reading the public and private keys were OK when the line size was 76 (see below). So the OpenSSL parser is lenient during a read. This seems very reasonable to me. Reading an encrypted private key resulted in an error "PEM_read_bio:bad end line:pem_lib.c:802" when the line size was 76 (see below). This kind of surprised me. Since you are receiving the "no start line" error (and not another error), I would suspect you are reading an ASN.1/DER encoded certificate; and not a PEM encoded certificate. The error occured before anything related to line lengths. Can you post the X509 certificate for inspection? Jeff ********** # Line breaks at 76 $ cat rsa-pub-xxx.pem -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDse17vxd2lkVIxwt1gkipo0EZo3NdDhIvPRowZ 6hfRM1n3+8NlS4Qw76PvM1EMR9FXCFTBtv9zzZ7OkNH84LgG6mbNS28PuWeUFmMZumdLbT4KNu2U pttFup08OUEIlrmkeP1GqMCfaVcbCfl0tScpCMeEhXUpiIvtzUin2kqGHQIDAQAB -----END PUBLIC KEY----- # Line breaks at 76 $ cat rsa-priv-xxx.pem -----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQDse17vxd2lkVIxwt1gkipo0EZo3NdDhIvPRowZ6hfRM1n3+8NlS4Qw76PvM1EM R9FXCFTBtv9zzZ7OkNH84LgG6mbNS28PuWeUFmMZumdLbT4KNu2UpttFup08OUEIlrmkeP1GqMCf aVcbCfl0tScpCMeEhXUpiIvtzUin2kqGHQIDAQABAoGBAJqxzZW98tMW8BS7K0O7+eActqJsLKjv MOIDfSyKlM/17pmo6NX/g1bbvHqCMDd/V3K+cWtTAWJIlOT9mU/51Ib3h29xEQQ6Ql/ubMPAmm/t f7itQMxn5FVY+ZA2/pL/mDzAdMuLeS/1TcHCqjbpAL8VaZjHTqztHBcVcNzbIQ6BAkEA/e7hE6WV caAoFEVfoZW0AIjwWpziQdI1bhNAi70fxWEU1kSq2ZZZhqxU4G37IKmVfBnx3CSzCgp5daPqUpEO oQJBAO5oIOgVf3GqL03fA6N3s2gx9L4VzAaZZynDF6yjhCCAXs8uUSEYKL32a17dFq+0SrQUSS2J Tylsz2cv+Uk6cf0CQQCV5RLb5BypbB78iE8BNTuCLVOkSYON0yZTCe5KDqPYgYwpR3OK6aODSer4 aDObfj+NeEs65jcBsFkuRkol3xbBAkEAiN+rlNNS2fU1N2YEdsNwcy/LLZ7iBh/ohKeHXgx6/RX2 WMhkt7VhHr7tIgeY0MOX6A+Fe+lLU6Mu6DU4z/wIGQJAQfEGaJbtaq8bLu6m2VYPpGig1NyBx9i8 kF/E+JC9ZSYh//5nhp6+lBbxceDcijPqnKGZlMYS51nPLSHQBRqbog== -----END RSA PRIVATE KEY----- # Line breaks at 76, password is "test" $ cat rsa-enc-priv-xxx.pem -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-128-CBC,8878824B00BA92932DC5AA1E4A9F12E0 klcOjPvZmj/19sUcf031oUckm2YUw7nEp6UtSbs41OKd2TyRfveNl4vv3J8AzOh18AqPPSKR3chM 8lSvKIdcksieh8raqr2s5wMd8ds/mDkguoVWGVnN8f+FKoVTny7OMhXAbQhk2ZXwZMEU5Q8M/Jnj 3ZfrbgcLYH50UoPlkgD6Y0krcNB+TDJEMvErn7G6RedrDPOjQ2gFCmRSE6Yuqtcgl5JaVS+1UT8Z 4l+EMuUjQcBiwuSQNxgfwyGQ3g/2maluLJsEKHDQhAKufe2c7lXlK/0MdHY+q4RbNLmGBigHb97U A5jTZl5+dBrQgtgPx7V13F/7EHT6m2KrYSDvfoPadcT65sT1ukoZF5rvbdRcN1QtVetVrymwM5XU 8CrlSz6tihleipPx27JUA7WQjIQc/Kk7R0e1dNB0oEkgd0i5+20bg+4/Keh0t5fwkXlyrCwjEItT zoC0Hm2dvXG6BTm1OUyRL94DxStVmqRpwDbthbEUqxYWrxTgWKu+noGYu3xJFI6plKEHTY+YMxjm azeyV8CE0HGwRXTBHpj47bekt5dpxMxZasgeIJqHrUI3am+CijdJTHQyHU3Zxk7rdiLha1inpN6M Z+ImQxqzm22e4/KMnTxcZ7L6hNzCKXgAGZ9gdg2uV+fwwyFRwzLDWMbQFeYH10yHB6Ua6Wg2LZdr +NTuJlrMykVULD382XszNMLFtJGl46lpJ9XKWTTIX4e5Fg5N1WSHS2gD8YLxtRzd9vM9ewsZOMtw gqw5uK7GSJUo8FHKtYuLGKY0jnVHFm2VnYo+76RXQxmJyo+ANmALJCJENCZDMm0I0pRGgRVV -----END RSA PRIVATE KEY----- $ openssl rsa -in rsa-pub-xxx.pem -pubin -text -noout Public-Key: (1024 bit) Modulus: 00:ec:7b:5e:ef:c5:dd:a5:91:52:31:c2:dd:60:92: 2a:68:d0:46:68:dc:d7:43:84:8b:cf:46:8c:19:ea: 17:d1:33:59:f7:fb:c3:65:4b:84:30:ef:a3:ef:33: 51:0c:47:d1:57:08:54:c1:b6:ff:73:cd:9e:ce:90: d1:fc:e0:b8:06:ea:66:cd:4b:6f:0f:b9:67:94:16: 63:19:ba:67:4b:6d:3e:0a:36:ed:94:a6:db:45:ba: 9d:3c:39:41:08:96:b9:a4:78:fd:46:a8:c0:9f:69: 57:1b:09:f9:74:b5:27:29:08:c7:84:85:75:29:88: 8b:ed:cd:48:a7:da:4a:86:1d Exponent: 65537 (0x10001) $ openssl rsa -in rsa-priv-xxx.pem -text -noout Private-Key: (1024 bit) modulus: 00:ec:7b:5e:ef:c5:dd:a5:91:52:31:c2:dd:60:92: 2a:68:d0:46:68:dc:d7:43:84:8b:cf:46:8c:19:ea: 17:d1:33:59:f7:fb:c3:65:4b:84:30:ef:a3:ef:33: 51:0c:47:d1:57:08:54:c1:b6:ff:73:cd:9e:ce:90: d1:fc:e0:b8:06:ea:66:cd:4b:6f:0f:b9:67:94:16: 63:19:ba:67:4b:6d:3e:0a:36:ed:94:a6:db:45:ba: 9d:3c:39:41:08:96:b9:a4:78:fd:46:a8:c0:9f:69: 57:1b:09:f9:74:b5:27:29:08:c7:84:85:75:29:88: 8b:ed:cd:48:a7:da:4a:86:1d publicExponent: 65537 (0x10001) privateExponent: 00:9a:b1:cd:95:bd:f2:d3:16:f0:14:bb:2b:43:bb: f9:e0:1c:b6:a2:6c:2c:a8:ef:30:e2:03:7d:2c:8a: 94:cf:f5:ee:99:a8:e8:d5:ff:83:56:db:bc:7a:82: 30:37:7f:57:72:be:71:6b:53:01:62:48:94:e4:fd: 99:4f:f9:d4:86:f7:87:6f:71:11:04:3a:42:5f:ee: 6c:c3:c0:9a:6f:ed:7f:b8:ad:40:cc:67:e4:55:58: f9:90:36:fe:92:ff:98:3c:c0:74:cb:8b:79:2f:f5: 4d:c1:c2:aa:36:e9:00:bf:15:69:98:c7:4e:ac:ed: 1c:17:15:70:dc:db:21:0e:81 prime1: 00:fd:ee:e1:13:a5:95:71:a0:28:14:45:5f:a1:95: b4:00:88:f0:5a:9c:e2:41:d2:35:6e:13:40:8b:bd: 1f:c5:61:14:d6:44:aa:d9:96:59:86:ac:54:e0:6d: fb:20:a9:95:7c:19:f1:dc:24:b3:0a:0a:79:75:a3: ea:52:91:0e:a1 prime2: 00:ee:68:20:e8:15:7f:71:aa:2f:4d:df:03:a3:77: b3:68:31:f4:be:15:cc:06:99:67:29:c3:17:ac:a3: 84:20:80:5e:cf:2e:51:21:18:28:bd:f6:6b:5e:dd: 16:af:b4:4a:b4:14:49:2d:89:4f:29:6c:cf:67:2f: f9:49:3a:71:fd exponent1: 00:95:e5:12:db:e4:1c:a9:6c:1e:fc:88:4f:01:35: 3b:82:2d:53:a4:49:83:8d:d3:26:53:09:ee:4a:0e: a3:d8:81:8c:29:47:73:8a:e9:a3:83:49:ea:f8:68: 33:9b:7e:3f:8d:78:4b:3a:e6:37:01:b0:59:2e:46: 4a:25:df:16:c1 exponent2: 00:88:df:ab:94:d3:52:d9:f5:35:37:66:04:76:c3: 70:73:2f:cb:2d:9e:e2:06:1f:e8:84:a7:87:5e:0c: 7a:fd:15:f6:58:c8:64:b7:b5:61:1e:be:ed:22:07: 98:d0:c3:97:e8:0f:85:7b:e9:4b:53:a3:2e:e8:35: 38:cf:fc:08:19 coefficient: 41:f1:06:68:96:ed:6a:af:1b:2e:ee:a6:d9:56:0f: a4:68:a0:d4:dc:81:c7:d8:bc:90:5f:c4:f8:90:bd: 65:26:21:ff:fe:67:86:9e:be:94:16:f1:71:e0:dc: 8a:33:ea:9c:a1:99:94:c6:12:e7:59:cf:2d:21:d0: 05:1a:9b:a2 $ openssl rsa -in rsa-enc-priv-xxx.pem -passin pass:test -text -noout unable to load Private Key 140735192314332:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:802: