Supplied private key data is invalid

mdeinhardt · January 14, 2015, 4:43am

Hey all,

I just created a new certificate (4096 SHA2) for a siteworx account and want to install the private key. But I get the following error:

? There was a problem validating the form. Please see details below.
? Supplied private key data is invalid!

Any ideas why that would happen? I’ve tried copy-pasting the key in several ways, no luck…

Cheers,

Michael

d2d4j · January 14, 2015, 5:16am

Hi Michael

I’m thinking it’s connected with IW, which currently can only produce a SHA1, unless it’s been updated to SHA2.

How did you create SHA2, was it from ssh with OpenSSL

You could try to replace the key etc directly from /home/siteworx domain/var/domain/SSL I think from memory to see if that works, but a good pointer I found was to restart apache from ssh service httpd stop and service httpd start.

I hope that helps and sorry if I am wrong

Many thanks

John

mdeinhardt · January 14, 2015, 5:30am

Hi John,

we’re using Startcom certificates and I created my private key there. So you’re saying Interworx doesn’t support SHA2? Or it simply can’t create them yet?

I’ll have a look at /home/siteworx domain/var/domain/SSL now…

Muchas gracias

Michael

mdeinhardt · January 14, 2015, 5:37am

I’ve tried replacing the key, restarted Apache, but get this error when entering the SSL certificate:
? Supplied private key data is invalid!

d2d4j · January 14, 2015, 5:54am

Hi Michael

Sorry, IW can use SHA2 Certs, our Certs are SHA2.

I thought you had created a private SSL and not paid SSL.

Why are you replacing the private key and not just installing the cert, which you would have had your private key created before creating the csr.

My best advice for quickness, is to start again on siteworx SSL, ie delete all SSL settings, create new private key, create csr, regenerate SSL from provider, install only the cert and chain

Test, if not working restart apache manually from ssh ie do stop and then start, not a restart

Hope that helps

Many thanks

John

mdeinhardt · January 14, 2015, 6:30am

Hey John,

I’ve just tried following your advice (replacing key). Naturally I did try to install the private key first, exactly as I got it from the provider. That’s my original problem, resulting in “Supplied private key data is invalid”.

I didn’t want to use CSR, I’ve created my private and public keys at the provider, but Siteworx wouldn’t accept that private key.

Cheers, Michael

d2d4j · January 14, 2015, 7:56am

Hi Michael

Many thanks, I think but could be wrong, sorry, that it is because IW can only create SHA1, which would give a SHA1 csr, but can accept and use SHA2 Certs and chains.

I know IW will be working on updating SHA1 to 2, but not to sure when it’s expected.

Hopefully another user who has experience of SSL creation from outside IW will post, but sorry, we have always generated SSL from csr.

Sorry I couldn’t be more helpful

Many thanks

John

mdeinhardt · January 20, 2015, 2:44pm

Like always the Interworx support was awesome and able to help me. They found out that the private keys we received from Startcom are encrypted by default and have to be decrypted first in order to be accepted by Nodeworx/Siteworx.
Startcom has a tool to decrypt keys with the respective passphrase and using that decrypted key then finally worked.

More explanation from Robert: If a private key is encrypted with a passphrase, we would need to insert the passphrase every time there’s an httpd restart. Which happens regularly as part of InterWorx’s cron, as well as any time you add a new account or domain. So that’s why they don’t/can’t work.

Hope that information helps others too.