I can generate my own private key and certificate as follows:
openssl genrsa -out privatekey.pem 2048
openssl req -new -x509 -key privatekey.pem -out g4certificate.pem -days 1095
Copy+pasting the certificate/private key parts into a database and executing a test toolkit returns a successful HMAC key exchange.
However, I've now purchased a GlobalSign ssl certificate and have the .pfx file.
How can I extract the equivalent RSA private key/certificate similar to those used when the toolkit returned a successful key exchange?
My attempt:
I tried to convert the .pfx file to a .pem file using the following command:
openssl pkcs12 -nodes -in filename.pfx -out filename.pem
The resulting .pem file contains 3 certificates and a private key with a header of '—–BEGIN PRIVATE KEY—–' and not '—–BEGIN RSA PRIVATE KEY—–'.
I've tried to copy+paste the private key out into a new document and saved it as privatekey.key. Then converted it using the following command:
openssl rsa -in privatekey.key -out privatekey_new.key
This produces a file with the '—–BEGIN RSA PRIVATE KEY—–' header which is like the self-generated RSA key.
However, when attempting the key exchange, I get the following error:
DEBUG [AbstractTest] - Failed:
java.security.InvalidKeyException: Wrong key usage
at javax.crypto.Cipher.init(Cipher.java:1674)
at javax.crypto.Cipher.init(Cipher.java:1580)
Best Answer
It means that the certificate cannot be used for thing you are trying to.