Connection Failed: PKey::parse_pem: error in private key

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
boehamian
OpenVpn Newbie
Posts: 3
Joined: Fri Jan 07, 2022 3:42 pm

Connection Failed: PKey::parse_pem: error in private key

Post by boehamian » Fri Jan 07, 2022 3:56 pm

Ok newbie to the whole openVPN so please go easy.
I have a mikrotik which I have configured a openVPN server.

I have written all the certificates and the profile but I keep getting this error. Is anyone able to enlighten me as to what this error is and how I could possibly resolve? please click link for photo of error.
https://1drv.ms/u/s!AjD5e4FKd-WXhuo0rNL ... g?e=gdWtzJ

logs in OpenVPN Connect is not bringing anything up at all.

Using windows 11 and OpenVPN connect version 3.3.2

have exported certificates from Mikrotik (server). This is the CA and the client certificate along with the client key.
have configured a ovpn profile in the same folder. Used a template that I got off the internet (seems pretty basic).
added a secret file with the username and password for the vpn into the same folder as the certificates and the profile.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Connection Failed: PKey::parse_pem: error in private key

Post by openvpn_inc » Fri Jan 07, 2022 5:59 pm

Hello boehamian,

Probably with Mikrotik you're better off using the OpenVPN GUI open source program that comes with OpenVPN 2.5.5 available in the community downloads on our website. But probably that won't work either given your particular error message. Mikrotik's OpenVPN implementation is a bit... interesting.

Regarding the error message, is it possible the private key you got is not in the format that follows this pattern?
-----BEGIN PRIVATE KEY-----
(lots of random text here)
-----END PRIVATE KEY-----

If it says -----BEGIN ENCRYPTED PRIVATE KEY----- (with the ENCRYPTED part in there) you might want to try decrypting that key first before using it.

Good luck,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

boehamian
OpenVpn Newbie
Posts: 3
Joined: Fri Jan 07, 2022 3:42 pm

Re: Connection Failed: PKey::parse_pem: error in private key

Post by boehamian » Sat Jan 08, 2022 1:55 am

openvpn_inc wrote:
Fri Jan 07, 2022 5:59 pm
Hello boehamian,

Probably with Mikrotik you're better off using the OpenVPN GUI open source program that comes with OpenVPN 2.5.5 available in the community downloads on our website. But probably that won't work either given your particular error message. Mikrotik's OpenVPN implementation is a bit... interesting.

Regarding the error message, is it possible the private key you got is not in the format that follows this pattern?
-----BEGIN PRIVATE KEY-----
(lots of random text here)
-----END PRIVATE KEY-----

If it says -----BEGIN ENCRYPTED PRIVATE KEY----- (with the ENCRYPTED part in there) you might want to try decrypting that key first before using it.

Good luck,
Johan
thanks mate much appreciated. Had a look at the key file and it has that exact layout you speak of. Would it be worth not encrypting the client certificate? If so is there anything I have to put in the OVPN profile file that tells it not to look for an encryption key?

Have changed over to the other software as you suggested. Not sure where I connect the other version from.

This was the error log I got when I tried to connect
Sat Jan 8 11:34:11 2022 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Sat Jan 8 11:34:11 2022 Current Parameter Settings:
Sat Jan 8 11:34:11 2022 config = 'Client.ovpn'
Sat Jan 8 11:34:11 2022 mode = 0
Sat Jan 8 11:34:11 2022 show_ciphers = DISABLED
Sat Jan 8 11:34:11 2022 show_digests = DISABLED
Sat Jan 8 11:34:11 2022 show_engines = DISABLED
Sat Jan 8 11:34:11 2022 genkey = DISABLED
Sat Jan 8 11:34:11 2022 genkey_filename = '[UNDEF]'
Sat Jan 8 11:34:11 2022 key_pass_file = '[UNDEF]'
Sat Jan 8 11:34:11 2022 show_tls_ciphers = DISABLED
Sat Jan 8 11:34:11 2022 NOTE: --mute triggered...
Sat Jan 8 11:34:11 2022 292 variation(s) on previous 10 message(s) suppressed by --mute
Sat Jan 8 11:34:11 2022 OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021
Sat Jan 8 11:34:11 2022 Windows version 10.0 (Windows 10 or greater) 64bit
Sat Jan 8 11:34:11 2022 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
Sat Jan 8 11:34:11 2022 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Jan 8 11:34:11 2022 Need hold release from management interface, waiting...
Sat Jan 8 11:34:11 2022 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Jan 8 11:34:12 2022 MANAGEMENT: CMD 'state on'
Sat Jan 8 11:34:12 2022 MANAGEMENT: CMD 'log all on'
Sat Jan 8 11:34:12 2022 MANAGEMENT: CMD 'echo all on'
Sat Jan 8 11:34:12 2022 MANAGEMENT: CMD 'bytecount 5'
Sat Jan 8 11:34:12 2022 MANAGEMENT: CMD 'hold off'
Sat Jan 8 11:34:12 2022 MANAGEMENT: CMD 'hold release'
Sat Jan 8 11:34:16 2022 MANAGEMENT: CMD 'password [...]'
Sat Jan 8 11:34:16 2022 OpenSSL: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
Sat Jan 8 11:34:16 2022 OpenSSL: error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error
Sat Jan 8 11:34:16 2022 OpenSSL: error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error
Sat Jan 8 11:34:16 2022 OpenSSL: error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib
Sat Jan 8 11:34:16 2022 Cannot load private key file client.key
Sat Jan 8 11:34:16 2022 SIGUSR1[soft,private-key-password-failure] received, process restarting
Sat Jan 8 11:34:16 2022 MANAGEMENT: >STATE:1641607456,RECONNECTING,private-key-password-failure,,,,,
Sat Jan 8 11:34:16 2022 Restart pause, 5 second(s)
Sat Jan 8 11:34:29 2022 MANAGEMENT: CMD 'password [...]'
Sat Jan 8 11:34:29 2022 OpenSSL: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
Sat Jan 8 11:34:29 2022 OpenSSL: error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error
Sat Jan 8 11:34:29 2022 OpenSSL: error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error
Sat Jan 8 11:34:29 2022 OpenSSL: error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib
Sat Jan 8 11:34:29 2022 Cannot load private key file client.key
Sat Jan 8 11:34:29 2022 SIGUSR1[soft,private-key-password-failure] received, process restarting
Sat Jan 8 11:34:29 2022 MANAGEMENT: >STATE:1641607469,RECONNECTING,private-key-password-failure,,,,,
Sat Jan 8 11:34:29 2022 Restart pause, 5 second(s)


Again, like I said, a bit new to this so slowly working it out :D

boehamian
OpenVpn Newbie
Posts: 3
Joined: Fri Jan 07, 2022 3:42 pm

Re: Connection Failed: PKey::parse_pem: error in private key

Post by boehamian » Sat Jan 08, 2022 2:33 pm

thanks mate for your help. I have managed to rectify the issue. Stupid me and a few pbcak errors. Took some nutting out but got their in the end. Thanks again.

tongavb
OpenVpn Newbie
Posts: 1
Joined: Sun Jan 16, 2022 1:12 pm

Re: Connection Failed: PKey::parse_pem: error in private key

Post by tongavb » Sun Jan 16, 2022 1:15 pm

Hello, good morning, how are you? I would like to know how you solved it, I get the same error. Thanks

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Connection Failed: PKey::parse_pem: error in private key

Post by openvpn_inc » Mon Jan 17, 2022 1:35 pm

Hello tongavb,

In this particular case the issue was that the private key was encrypted. Decrypt it and then it should work just fine.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

toshko3@mail.bg
OpenVpn Newbie
Posts: 2
Joined: Mon Apr 04, 2022 10:40 am

Re: Connection Failed: PKey::parse_pem: error in private key

Post by toshko3@mail.bg » Mon Apr 04, 2022 10:43 am

Could you please describe how did you decrypt the key?

andreslafuente
OpenVpn Newbie
Posts: 1
Joined: Tue Nov 29, 2022 10:06 pm

Re: Connection Failed: PKey::parse_pem: error in private key

Post by andreslafuente » Tue Nov 29, 2022 10:06 pm

openssl rsa -passin pass:ClienKeyPassw0rd -in client.key -out client-decrypt.key

sairam
OpenVpn Newbie
Posts: 1
Joined: Wed Dec 20, 2023 1:38 pm

Re: Connection Failed: PKey::parse_pem: error in private key

Post by sairam » Fri Dec 22, 2023 11:19 am

Hi
We utilized Docker to set up OpenVPN initially on Linux. After creating and sharing the VPN file with the client, we observed that it functions properly on Linux but encounters issues when used on Windows, even with the OpenVPN application on Windows.

Error message in Windows: pkey::parse_pem: error in private key::error:1c800064:provider routines::bad decrypt /error: 11800074:pkcs12 routines:: pkcs12 cipherfinal error / error:1c800074:provider routines::bad decrypt / error :11800074:pkcs12 routines::pkcs12 cipherfinal error.

bradm
OpenVpn Newbie
Posts: 3
Joined: Wed Nov 13, 2024 10:18 pm

Re: Connection Failed: PKey::parse_pem: error in private key

Post by bradm » Wed Nov 13, 2024 10:45 pm

I can't see the error that boehamian posted, but if its what sairam posted I am in the same boat. I have posted about it on the new forums.

OpenVPN Connect works on macOS, iOS, Android, and my Windows machine. For a co-worker OpenVPN Connect gives the "pkey::parse_pem: error in private key::error:1c800064:provider routines::bad decrypt /error: 11800074:pkcs12 routines:: pkcs12 cipherfinal error / error:1c800074:provider routines::bad decrypt / error :11800074:pkcs12 routines::pkcs12 cipherfinal error." as above.

OpenVPN GUI works for them with the same profile and password.

Their profile and password work fine on my Windows machine with OpenVPN Connnect.
My profile and password does not work on their Windows machine with OpenVPN Connect.

To me it seems passwords are not being saved correctly on their machine, but I am not sure how to debug that to rule it out.

Post Reply