000033986 - How to recover from "Error: The private key could not be parsed" when trying to upload the RSA SecurID Access Identity Router (IDR) SSL private key

Document created by RSA Customer Support Employee on Oct 21, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000033986
Applies To: RSA Product Set: SecurID Access
When uploading your SSL private key through the Administration Console (My Account > Company Settings > Company Information), as described in the RSA SecurID Access documentation on how to Configure Company Settings and Certificates, the following error displays:

Error: The private key could not be parsed

Cause
The private key was encrypted with a password/passphrase when created.

Resolution
The IDR requires that the private key be uploaded without password protection.
You can create a temporary unencrypted version of the protected private key using the openssl toolkit:
# openssl rsa -in <private_encrypted>.key -out <private_unencrypted>.key
Enter pass phrase for <private_encrypted>.key:
writing RSA key

After uploading the unencrypted key via the Administration Console, delete it from your local system.

Notes
You can check if a key has been password protected:

Unprotected Case

openssl rsa -text -noout -in <private_unencrypted>.key
Private-Key: (1024 bit)

Note that you are not prompted for a pass phrase.

Protected Case

openssl rsa -text -noout -in <private_encrypted>.key
Enter pass phrase for <private_encrypted>.key:

Note that you are prompted for a passphrase.
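
The two cases above can also be told apart without triggering the pass phrase prompt, because a PEM-encoded key announces encryption in its header lines. The script below is an added example, not part of the RSA article or the openssl toolkit; the function names are hypothetical and the sample files are constructed placeholders. It assumes PEM input (a DER-encoded file has no such headers).

```shell
#!/bin/sh
# Added example, not RSA or OpenSSL code. pem_key_state and
# write_constructed_samples are hypothetical helper names.

# Classify a PEM private key by its header lines; never prompts.
# Prints the state. Returns 0 = unencrypted, 1 = encrypted, 2 = other.
pem_key_state() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    # PKCS#8 encrypted keys carry their own BEGIN line.
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo "encrypted"; return 1
    fi
    # Traditional PEM ("RSA PRIVATE KEY") marks encryption with Proc-Type.
    if grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"; then
        if grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo "encrypted"; return 1
        fi
        echo "unencrypted"; return 0
    fi
    echo "not-a-pem-private-key"; return 2
}

# Constructed samples: real PEM header layouts, placeholder bodies
# (base64 of the word CONSTRUCTED, no key material).
write_constructed_samples() {
    b='Q09OU1RSVUNURUQ='
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00000000000000000000000000000000' '' \
        "$b" '-----END RSA PRIVATE KEY-----' > "$1/trad_enc.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' "$b" \
        '-----END RSA PRIVATE KEY-----' > "$1/trad_plain.key"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$b" \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$1/pkcs8_enc.key"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' "$b" \
        '-----END PRIVATE KEY-----' > "$1/pkcs8_plain.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "$b" \
        '-----END CERTIFICATE-----' > "$1/cert.pem"
}

# Demo: classify every constructed sample, then clean up.
demo() {
    dir=$(mktemp -d) || return 1
    write_constructed_samples "$dir"
    for f in "$dir"/*; do
        printf '%-16s %s\n' "${f##*/}" "$(pem_key_state "$f")"
    done
    rm -rf "$dir"
}
demo
```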