Okta Access Gateway (OAG) reports the following error message when uploading a password-protected certificate:
PEM_do_header:bad password read error
- Okta Access Gateway (OAG)
- SSL Certificate
- Okta Classic Engine
The OAG appliance does not support password-protected certificates. The following error message may be displayed in the Management interface during the certificate upload:
failed to create symbolic link '/opt/oag/nginx/ssl/mycertificate_com.key': File exists
Enter PEM pass phrase:
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/opt/oag/nginx/ssl/%_mycertificate_com.key") failed (SSL: error:0906406D:PEM routines:PEM_def_callback:problems getting password error:0906A068:PEM routines:PEM_do_header:bad password read error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)
nginx: configuration file /opt/oag/nginx/conf/nginx.conf test failed
Error: There was a problem using this certificate! Rolling back previous certificate
Remove the password from the certificate's private key using the following OpenSSL commands:
- Certificate only:
openssl rsa -in key.pem -out newkey.pem
- Certificate and key are together:
openssl rsa -in mycert.pem -out newcert.pem
openssl x509 -in mycert.pem >>newcert.pem
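As an added example (not part of the Okta article or the OAG product), the following POSIX shell check reports whether a PEM file still carries a password-protected key, the condition behind the error above. The function name `pem_key_state` and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-upload check for a password-protected private key.
# It inspects the PEM armor and headers only; it does not decrypt or
# validate the key material.

pem_key_state() {
    # $1: PEM file (key only, or certificate and key together)
    pem_path=$1
    [ -r "$pem_path" ] || { echo "unreadable"; return 2; }
    # PKCS#8 encrypted keys use their own armor label.
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$pem_path"; then
        echo "encrypted-pkcs8"; return 1
    fi
    # Traditional encrypted keys keep the normal label and add a
    # "Proc-Type: 4,ENCRYPTED" header inside the block.
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' "$pem_path"; then
        echo "encrypted-traditional"; return 1
    fi
    # Unencrypted key: PKCS#8 or an algorithm-specific label (RSA, EC).
    if grep -q -E -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$pem_path"; then
        echo "plain"; return 0
    fi
    echo "no-key"; return 2
}

# Constructed samples: armor and headers only, no real key material.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-256-CBC,00' 'AAAA' '-----END RSA PRIVATE KEY-----' \
    > "$demo_dir/key.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/newkey.pem"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' \
    '-----END CERTIFICATE-----' > "$demo_dir/certonly.pem"

for sample in key.pem newkey.pem certonly.pem; do
    state=$(pem_key_state "$demo_dir/$sample" || true)
    echo "$sample: $state"
done
rm -rf "$demo_dir"
```

Run `pem_key_state` against the output file (`newkey.pem` or `newcert.pem`) before uploading; an exit status of 0 with `plain` means the key no longer prompts for a pass phrase.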
