PowerProtect Data Manager: Unable to Replace Certificates Using UI and CLI

Summary: Unable to replace certificates in PowerProtect Data Manager using UI or CLI.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Affected versions:

All

The following error messages are seen in /var/log/brs/secretsmgr/secretsmgr.log. 
2023-08-17T06:02:44.721Z ERROR [] [https-jsse-nio-9092-exec-10] [][][][TRACE_ID:8e02249559de2eae][] [c.e.b.s.common.CommonUtils.performLinuxCommand(336)] - Executing command 'openssl pkcs8 -topk8 -in /home/admin/.config/customkey.pem -outform DER -nocrypt -out /home/admin/.config/customkey.pem.der' failed with exit code 1, error: Enter pass phrase for /home/admin/.config/customkey.pem:
User interface error
unable to load key
139851475568272:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:621:
139851475568272:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:p12_decr.c:108:
139851475568272:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:139:
139851475568272:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:142:

2023-08-17T06:02:44.801Z ERROR [] [https-jsse-nio-9092-exec-10] [][][][TRACE_ID:8e02249559de2eae][] [c.e.b.s.c.CertificateReplacementUtil.validateCerts(260)] - Unable to load private key!

2023-08-17T06:02:44.721Z ERROR [] [https-jsse-nio-9092-exec-6] [][][][TRACE_ID:ae0bcd2aed54aa0f][] [c.e.b.s.common.CommonUtils.performLinuxCommand(336)] - Executing command 'openssl pkcs8 -topk8 -in /home/admin/.config/customkey.pem -outform DER -nocrypt -out /home/admin/.config/customkey.pem.der' failed with exit code 1, error: Enter pass phrase for /home/admin/.config/customkey.pem:
User interface error
unable to load key
140574289626768:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:621:
140574289626768:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:p12_decr.c:108:
140574289626768:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:139:
140574289626768:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:142:

2023-08-17T06:02:44.802Z ERROR [] [https-jsse-nio-9092-exec-6] [][][][TRACE_ID:ae0bcd2aed54aa0f][] [c.e.b.s.c.CertificateReplacementUtil.validateCerts(260)] - Unable to load private key!
2023-08-17T06:02:44.724Z ERROR [] [https-jsse-nio-9092-exec-4] [][][][TRACE_ID:a83a8f953ad3b4d2][] [c.e.b.s.common.CommonUtils.performLinuxCommand(336)] - Executing command 'openssl pkcs8 -topk8 -in /home/admin/.config/customkey.pem -outform DER -nocrypt -out /home/admin/.config/customkey.pem.der' failed with exit code 1, error: Enter pass phrase for /home/admin/.config/customkey.pem:
User interface error
unable to load key

Cause

Private key certificates with passphrase encryption - PowerProtect Data Manager does not support private key certificates encrypted with passphrases.

It does support encrypted private keys without passphrases.

Resolution

Workaround:

Use private keys without passphrase encryption. 

Fixed Version: 

There is no fix for this behavior.

Affected Products

PowerProtect Software
Article Properties
Article Number: 000217585
Article Type: Solution
Last Modified: 01 Mar 2024
Version:  3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.