Connection Failed: PKey::parse_pem: error in private key
-
- OpenVpn Newbie
- Posts: 3
- Joined: Fri Jan 07, 2022 3:42 pm
Connection Failed: PKey::parse_pem: error in private key
Ok newbie to the whole openVPN so please go easy.
I have a mikrotik which I have configured a openVPN server.
I have written all the certificates and the profile but I keep getting this error. Is anyone able to enlighten me as to what this error is and how I could possibly resolve? please click link for photo of error.
https://1drv.ms/u/s!AjD5e4FKd-WXhuo0rNL ... g?e=gdWtzJ
logs in OpenVPN Connect is not bringing anything up at all.
Using windows 11 and OpenVPN connect version 3.3.2
have exported certificates from Mikrotik (server). This is the CA and the client certificate along with the client key.
have configured a ovpn profile in the same folder. Used a template that I got off the internet (seems pretty basic).
added a secret file with the username and password for the vpn into the same folder as the certificates and the profile.
I have a mikrotik which I have configured a openVPN server.
I have written all the certificates and the profile but I keep getting this error. Is anyone able to enlighten me as to what this error is and how I could possibly resolve? please click link for photo of error.
https://1drv.ms/u/s!AjD5e4FKd-WXhuo0rNL ... g?e=gdWtzJ
logs in OpenVPN Connect is not bringing anything up at all.
Using windows 11 and OpenVPN connect version 3.3.2
have exported certificates from Mikrotik (server). This is the CA and the client certificate along with the client key.
have configured a ovpn profile in the same folder. Used a template that I got off the internet (seems pretty basic).
added a secret file with the username and password for the vpn into the same folder as the certificates and the profile.
- openvpn_inc
- OpenVPN Inc.
- Posts: 1332
- Joined: Tue Feb 16, 2021 10:41 am
Re: Connection Failed: PKey::parse_pem: error in private key
Hello boehamian,
Probably with Mikrotik you're better off using the OpenVPN GUI open source program that comes with OpenVPN 2.5.5 available in the community downloads on our website. But probably that won't work either given your particular error message. Mikrotik's OpenVPN implementation is a bit... interesting.
Regarding the error message, is it possible the private key you got is not in the format that follows this pattern?
-----BEGIN PRIVATE KEY-----
(lots of random text here)
-----END PRIVATE KEY-----
If it says -----BEGIN ENCRYPTED PRIVATE KEY----- (with the ENCRYPTED part in there) you might want to try decrypting that key first before using it.
Good luck,
Johan
Probably with Mikrotik you're better off using the OpenVPN GUI open source program that comes with OpenVPN 2.5.5 available in the community downloads on our website. But probably that won't work either given your particular error message. Mikrotik's OpenVPN implementation is a bit... interesting.
Regarding the error message, is it possible the private key you got is not in the format that follows this pattern?
-----BEGIN PRIVATE KEY-----
(lots of random text here)
-----END PRIVATE KEY-----
If it says -----BEGIN ENCRYPTED PRIVATE KEY----- (with the ENCRYPTED part in there) you might want to try decrypting that key first before using it.
Good luck,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
- OpenVpn Newbie
- Posts: 3
- Joined: Fri Jan 07, 2022 3:42 pm
Re: Connection Failed: PKey::parse_pem: error in private key
thanks mate much appreciated. Had a look at the key file and it has that exact layout you speak of. Would it be worth not encrypting the client certificate? If so is there anything I have to put in the OVPN profile file that tells it not to look for an encryption key?openvpn_inc wrote: ↑Fri Jan 07, 2022 5:59 pmHello boehamian,
Probably with Mikrotik you're better off using the OpenVPN GUI open source program that comes with OpenVPN 2.5.5 available in the community downloads on our website. But probably that won't work either given your particular error message. Mikrotik's OpenVPN implementation is a bit... interesting.
Regarding the error message, is it possible the private key you got is not in the format that follows this pattern?
-----BEGIN PRIVATE KEY-----
(lots of random text here)
-----END PRIVATE KEY-----
If it says -----BEGIN ENCRYPTED PRIVATE KEY----- (with the ENCRYPTED part in there) you might want to try decrypting that key first before using it.
Good luck,
Johan
Have changed over to the other software as you suggested. Not sure where I connect the other version from.
This was the error log I got when I tried to connect
Sat Jan 8 11:34:11 2022 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Sat Jan 8 11:34:11 2022 Current Parameter Settings:
Sat Jan 8 11:34:11 2022 config = 'Client.ovpn'
Sat Jan 8 11:34:11 2022 mode = 0
Sat Jan 8 11:34:11 2022 show_ciphers = DISABLED
Sat Jan 8 11:34:11 2022 show_digests = DISABLED
Sat Jan 8 11:34:11 2022 show_engines = DISABLED
Sat Jan 8 11:34:11 2022 genkey = DISABLED
Sat Jan 8 11:34:11 2022 genkey_filename = '[UNDEF]'
Sat Jan 8 11:34:11 2022 key_pass_file = '[UNDEF]'
Sat Jan 8 11:34:11 2022 show_tls_ciphers = DISABLED
Sat Jan 8 11:34:11 2022 NOTE: --mute triggered...
Sat Jan 8 11:34:11 2022 292 variation(s) on previous 10 message(s) suppressed by --mute
Sat Jan 8 11:34:11 2022 OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021
Sat Jan 8 11:34:11 2022 Windows version 10.0 (Windows 10 or greater) 64bit
Sat Jan 8 11:34:11 2022 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
Sat Jan 8 11:34:11 2022 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Jan 8 11:34:11 2022 Need hold release from management interface, waiting...
Sat Jan 8 11:34:11 2022 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Jan 8 11:34:12 2022 MANAGEMENT: CMD 'state on'
Sat Jan 8 11:34:12 2022 MANAGEMENT: CMD 'log all on'
Sat Jan 8 11:34:12 2022 MANAGEMENT: CMD 'echo all on'
Sat Jan 8 11:34:12 2022 MANAGEMENT: CMD 'bytecount 5'
Sat Jan 8 11:34:12 2022 MANAGEMENT: CMD 'hold off'
Sat Jan 8 11:34:12 2022 MANAGEMENT: CMD 'hold release'
Sat Jan 8 11:34:16 2022 MANAGEMENT: CMD 'password [...]'
Sat Jan 8 11:34:16 2022 OpenSSL: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
Sat Jan 8 11:34:16 2022 OpenSSL: error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error
Sat Jan 8 11:34:16 2022 OpenSSL: error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error
Sat Jan 8 11:34:16 2022 OpenSSL: error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib
Sat Jan 8 11:34:16 2022 Cannot load private key file client.key
Sat Jan 8 11:34:16 2022 SIGUSR1[soft,private-key-password-failure] received, process restarting
Sat Jan 8 11:34:16 2022 MANAGEMENT: >STATE:1641607456,RECONNECTING,private-key-password-failure,,,,,
Sat Jan 8 11:34:16 2022 Restart pause, 5 second(s)
Sat Jan 8 11:34:29 2022 MANAGEMENT: CMD 'password [...]'
Sat Jan 8 11:34:29 2022 OpenSSL: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
Sat Jan 8 11:34:29 2022 OpenSSL: error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error
Sat Jan 8 11:34:29 2022 OpenSSL: error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error
Sat Jan 8 11:34:29 2022 OpenSSL: error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib
Sat Jan 8 11:34:29 2022 Cannot load private key file client.key
Sat Jan 8 11:34:29 2022 SIGUSR1[soft,private-key-password-failure] received, process restarting
Sat Jan 8 11:34:29 2022 MANAGEMENT: >STATE:1641607469,RECONNECTING,private-key-password-failure,,,,,
Sat Jan 8 11:34:29 2022 Restart pause, 5 second(s)
Again, like I said, a bit new to this so slowly working it out
-
- OpenVpn Newbie
- Posts: 3
- Joined: Fri Jan 07, 2022 3:42 pm
Re: Connection Failed: PKey::parse_pem: error in private key
thanks mate for your help. I have managed to rectify the issue. Stupid me and a few pbcak errors. Took some nutting out but got their in the end. Thanks again.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Sun Jan 16, 2022 1:12 pm
Re: Connection Failed: PKey::parse_pem: error in private key
Hello, good morning, how are you? I would like to know how you solved it, I get the same error. Thanks
- openvpn_inc
- OpenVPN Inc.
- Posts: 1332
- Joined: Tue Feb 16, 2021 10:41 am
Re: Connection Failed: PKey::parse_pem: error in private key
Hello tongavb,
In this particular case the issue was that the private key was encrypted. Decrypt it and then it should work just fine.
Kind regards,
Johan
In this particular case the issue was that the private key was encrypted. Decrypt it and then it should work just fine.
Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
- OpenVpn Newbie
- Posts: 2
- Joined: Mon Apr 04, 2022 10:40 am
Re: Connection Failed: PKey::parse_pem: error in private key
Could you please describe how did you decrypt the key?
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Nov 29, 2022 10:06 pm
Re: Connection Failed: PKey::parse_pem: error in private key
openssl rsa -passin pass:ClienKeyPassw0rd -in client.key -out client-decrypt.key
-
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Dec 20, 2023 1:38 pm
Re: Connection Failed: PKey::parse_pem: error in private key
Hi
We utilized Docker to set up OpenVPN initially on Linux. After creating and sharing the VPN file with the client, we observed that it functions properly on Linux but encounters issues when used on Windows, even with the OpenVPN application on Windows.
Error message in Windows: pkey::parse_pem: error in private key::error:1c800064:provider routines::bad decrypt /error: 11800074:pkcs12 routines:: pkcs12 cipherfinal error / error:1c800074:provider routines::bad decrypt / error :11800074:pkcs12 routines::pkcs12 cipherfinal error.
We utilized Docker to set up OpenVPN initially on Linux. After creating and sharing the VPN file with the client, we observed that it functions properly on Linux but encounters issues when used on Windows, even with the OpenVPN application on Windows.
Error message in Windows: pkey::parse_pem: error in private key::error:1c800064:provider routines::bad decrypt /error: 11800074:pkcs12 routines:: pkcs12 cipherfinal error / error:1c800074:provider routines::bad decrypt / error :11800074:pkcs12 routines::pkcs12 cipherfinal error.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Nov 13, 2024 10:18 pm
Re: Connection Failed: PKey::parse_pem: error in private key
I can't see the error that boehamian posted, but if its what sairam posted I am in the same boat. I have posted about it on the new forums.
OpenVPN Connect works on macOS, iOS, Android, and my Windows machine. For a co-worker OpenVPN Connect gives the "pkey::parse_pem: error in private key::error:1c800064:provider routines::bad decrypt /error: 11800074:pkcs12 routines:: pkcs12 cipherfinal error / error:1c800074:provider routines::bad decrypt / error :11800074:pkcs12 routines::pkcs12 cipherfinal error." as above.
OpenVPN GUI works for them with the same profile and password.
Their profile and password work fine on my Windows machine with OpenVPN Connnect.
My profile and password does not work on their Windows machine with OpenVPN Connect.
To me it seems passwords are not being saved correctly on their machine, but I am not sure how to debug that to rule it out.
OpenVPN Connect works on macOS, iOS, Android, and my Windows machine. For a co-worker OpenVPN Connect gives the "pkey::parse_pem: error in private key::error:1c800064:provider routines::bad decrypt /error: 11800074:pkcs12 routines:: pkcs12 cipherfinal error / error:1c800074:provider routines::bad decrypt / error :11800074:pkcs12 routines::pkcs12 cipherfinal error." as above.
OpenVPN GUI works for them with the same profile and password.
Their profile and password work fine on my Windows machine with OpenVPN Connnect.
My profile and password does not work on their Windows machine with OpenVPN Connect.
To me it seems passwords are not being saved correctly on their machine, but I am not sure how to debug that to rule it out.