sslherokuopensslssl-certificatednsimple

Heroku ssl certs: Key could not be read since it's protected by a passphrase


I am having trouble generating ssl certs that Heroku will accept for secure.mydomain.com. I'm using DNSimple, Cedar Stack, and following the instructions here: https://devcenter.heroku.com/articles/ssl-certificate

  1. Copy server.key & server.orig.crt from DNSimple
  2. Get root CA certificate with $ curl https://knowledge.rapidssl.com/library/VERISIGN/ALL_OTHER/RapidSSL%20Intermediate/RapidSSL_CA_bundle.pem > rapidssl_bundle.pem
  3. Concatenate into one file with cat server.orig.crt rapidssl_bundle.pem > server.crt

So now I have the server.key & server.orig.crt files, which I try to upload to Heroku with $ heroku certs:add server.crt server.key. This gives the error

Key could not be read since it's protected by a passphrase.

The docs above don't mention anything about removing the passphrase from the server.key file. So I dug around and found the docs here: https://devcenter.heroku.com/articles/ssl#customdomain-ssl. I'm running these commands between #1 and #2 above:

1b. $ mv server.key server.orig.key

1c. $ openssl rsa -in server.orig.key -out server.key

However this gives the error

unable to load Private Key
47930:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-47/src/crypto/pem/pem_lib.c:648:Expecting: ANY PRIVATE KEY

Which I suspect means there is no private key found.

Anyone know what is the issue here? Is this a Heroku issue or an openssl issue (or a DNSimple issue)?


Solution

  • This is really stupid, but as far as I can tell there was an issue with using TextEdit in Mac OS to save the initial server.key and server.orig.crt files.

    I used TextMate instead and everything is working fine.