openssl command password problem for Kubernete certificate - ios

I am trying to add certificate for Kubernetes, but when I run the following command on cmd (MacOS):
openssl ec -in mycompany-robert.key -out mycompany-robert.dkey
I get the following prompt:
read EC key
Enter PEM pass phrase:
Then I enter some password, but it is not accepted and get the following error:
unable to load Key
4315711020:error:06FFF064:digital envelope routines:CRYPTO_internal:bad
decrypt:/AppleInternal/Library/BuildRoots/a0876c02-1788-11ed-b9c4-96898e02b808/
Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/crypto/evp/evp_enc.c:521:
4315711020:error:09FFF065:PEM routines:CRYPTO_internal:bad
decrypt:/AppleInternal/Library/BuildRoots/a0876c02-1788-11ed-b9c4-96898e02b808/
Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/crypto/pem/pem_lib.c:469:
So, how can I fix the problem?

Related

Error: unable to load client certificate private key file

I am trying to check if my certificate is correct and trying to do a handshake with:
openssl s_client -connect gateway.push.apple.com:2195 -cert cert.pem -key privateKey.pem
I am getting an error:
unable to load client certificate private key file
4452410816:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY

Error In Push Notification on Distribution

I have implement the push notification after create the ck.pem file on development end. But when i create on distribution end then we check the ck.pem file is correct or not.I have error show below:-
pksinghs-Mac-mini:SchoolPush pksingh$ php /Users/pksingh/Desktop/SchoolPush/simplepush.php
Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown in /Users/pksingh/Desktop/SchoolPush/simplepush.php on line 21
Warning: stream_socket_client(): Failed to enable crypto in /Users/pksingh/Desktop/SchoolPush/simplepush.php on line 21
Warning: stream_socket_client(): unable to connect to ssl://gateway.push.apple.com:2195 (Unknown error) in /Users/pksingh/Desktop/SchoolPush/simplepush.php on line 21
Failed to connect: 0
pksinghs-Mac-mini:SchoolPush pksingh$
i have ck.pem file and pushnofication.php in same folder on desktop.
Can anybody help me.
Find the tutorial for how to create certificate and implement notification from below link
https://www.raywenderlich.com/123862/push-notifications-tutorial
you can use below command to create certificate
so there are something wrong in creating distribution certificate
Use below command to create certificate
openssl x509 -in aps_production.cer -inform der -out PushChatCert.pem
openssl pkcs12 -nocerts -out PushChatKey.pem -in Certificates_dist.p12
cat PushChatCert.pem PushChatKey.pem > ck_dist.pem
openssl s_client -connect gateway.push.apple.com:2195 -cert PushChatCert.pem -key PushChatKey.pem
where
aps_production.cer = downloaded from developer apple
Certificates_dist.p12 = Exported from your keychain after installing aps_production.cer

Verify return code: 20 (unable to get local issuer certificate) while creating push notification P EM file

I am creating PEM file for Production APNS , and i have done this several time before .
But i am facing an error on terminal while testing my PEm file from below command :
$ openssl s_client -connect gateway.push.apple.com:2195
-cert myCert.pem -key myKey.pem
It gives me :
Verify return code: 20 (unable to get local issuer certificate)
as response.
I have tried so many times but did not identify the problem .
May be it is because of my distribution certificates created on diffrent Mac .
But i am not sure .
Any help suggestion will be helpfull.
The developer link asks to include -CAfile server-ca-cert.pem, which does'nt work either.
All other options of indicating the CAfile gave me errors like 'unable to load certificate'.
The below actually worked for me after trying other options.
openssl s_client -connect gateway.push.apple.com:2195
-cert myCert.pem -key myKey.pem -CAfile entrust_2048_ca.cer
This solution gives 'Verify return code: 0 (ok)'.
On an additional note: You can also specify the .key file as the -key value & it will work too i.e. something like, ref here
openssl s_client -connect gateway.push.apple.com:2195 -cert myCert.pem -key myprivatekey.key -CAfile entrust_2048_ca.cer
You need to give a CA certificate as CAfile commandline argument to s_client. The trusted root certificate for the push servers is the Entrust CA (2048) root certificate which you can download from Entrust's site.
$ openssl s_client -connect gateway.push.apple.com:2195
-cert myCert.pem -key myKey.pem -CAfile entrust_2048_ca.cer
For more information and other possible reasons, please, check Apple developer guide Troubleshooting Push Notifications.

jclouds with GCE Cannot connect: -----END RSA PRIVATE KEY----- doesn't contain % line [-----END ]

Trying to use google-compute-engine provider for jclouds there appears to be a problem when putting the pem extracted from the .p12 into the credential section of my jenkins config.xml
Followed these instruction https://github.com/jclouds/jclouds-labs-google/tree/master/google-compute-engine to extract the pem file from the p12
Error is see when trying to test connection:
Cannot connect to specified cloud, please check the identity and credentials: chars -----BEGIN RSA PRIVATE KEY----- HIDDEN -----END RSA PRIVATE KEY----- doesn't contain % line [-----END ]
If I remove the "-----BEGIN RSA", jclouds correctly tells me that % doesnt contain the line -----BEGIN
but it seems to be barfing on parsing the "-----END" part
I thought It might have to do with pasting the key into the Credential section of the configure jenkins U/I,
but I placed the key directly into the config.xml's section, and I'm getting the same error.
jenkins-1.583-1.1.noarch with Jclouds plugin 2.8
Any ideas?
-Aric
Convert the p12 file into pem format (it will ask for the keystore password, which is usually "notasecret"):
openssl pkcs12 -in my_keystore.p12 -out my_keystore.pem -nodes
Extract only the pk and remove passphrase
openssl rsa -in my_keystore.pem -out my_key.pem
Then you can use this key and problem will be solved.
The solution on my side is to use the Textarea. FYI: JENKINS-25283
and reason is losing the new line character. Hope this help you.
I was having a similar problem after reading the key from a user interface.
The fix for me was:
privatekey = privatekey.replace("\\\n", System.lineSeparator());
This ensures the key includes system specific line-break characters.

Creating p12 iOS developer certificate on Windows - error in last step

So, I've been looking around a lot of how to create a p12 file for iPhone development, and I think I'm doing exactly as I am supposed to, but at the last step I get some errors that are more or less impossible to decipher.
I am running Windows 7, and these are the steps I do:
1) Create the private key. I do this by running this command (cmd is opened in Administrator mode):
openssl genrsa -out mykey.key 2048
2) Create the CSR file
openssl req -new -key mykey.key -out developer_identify.csr
3) Upload the csr file to the iPhone dev site. Here I do the following:
Click on menu Identifiers --> App IDs, select the correct App ID, click Edit, click Create Certificate, click Continue, select the CSR-file created above and proceed. Wait for the site to tell me its all OK, and then download the *aps_development.cer* file.
4) Create the PEM file:
openssl x509 -in aps_development.cer -inform DER -out
developer_identity.pem -outform PEM
5) And lastly, create the p12 file (and this is where it fails):
openssl pkcs12 -export -inkey mykey.key -in developer_identity.pem
-out iphone_dev.p12
The output after the last command:
Loading 'screen' into random state - done
Enter Export Password:
Verifying - Enter Export Password:
8216:error:060740A0:lib(6):func(116):reason(160):NA:0:
8216:error:23077073:lib(35):func(119):reason(115):NA:0:
8216:error:2306C067:lib(35):func(108):reason(103):NA:0:
8216:error:23073067:lib(35):func(115):reason(103):NA:0:
The p12 file is 0 bytes.
The PEM file looks alright, starts with
-----BEGIN CERTIFICATE-----
then a lot of jibberish and then ends with
-----END CERTIFICATE-----

Resources