ERROR OpenSSL : error code: 151584876 in ../crypto/pem/pem_lib.c, line 745 for SP Signing Certificate

Mon Nov 28 21:36:41 UTC 2022

Below is from shibboleth2.xml file

  <!-- Simple file-based resolvers for separate signing/encryption keys. -->
        <CredentialResolver type="File" use="signing"
            key="sp-signing-key.pem" certificate="sp-signing-cert.pem"/>
        <CredentialResolver type="File" use="encryption"
            key="sp-encrypt-key.pem" certificate="sp-encrypt-cert.pem"/>

This is what is getting loaded

Why we are getting error : 151584876 in ../crypto/pem/pem_lib.c, line 745

From: Christopher Bongaarts <cab at umn.edu>
Sent: Monday, November 28, 2022 4:11 PM
To: Shib Users <users at shibboleth.net>
Cc: Bhagwat, Shrikant <shrbhagw at med.umich.edu>
Subject: Re: ERROR OpenSSL : error code: 151584876 in ../crypto/pem/pem_lib.c, line 745 for SP Signing Certificate

External Email - Use Caution
On 11/28/2022 1:27 PM, Bhagwat, Shrikant via users wrote:
2022-11-28 18:58:49 INFO XMLTooling.SecurityHelper : loading private key from file (/etc/shibboleth/sp-encrypt-key.pem)
2022-11-28 18:58:49 INFO XMLTooling.SecurityHelper : loading certificate(s) from file (/etc/shibboleth/sp-encrypt-key.pem)
2022-11-28 18:58:49 ERROR OpenSSL : error code: 151584876 in ../crypto/pem/pem_lib.c, line 745
2022-11-28 18:58:49 ERROR OpenSSL : error data: Expecting: CERTIFICATE
2022-11-28 18:58:49 ERROR XMLTooling.CredentialResolver.Chaining : caught exception processing embedded CredentialResolver element: Unable to load certificate(s) from file (/etc/shibboleth/sp-encrypt-key.pem).
[...]
Any Idea ?

Looks like you're trying to load a private key file as the certificate - you probably want sp-encrypt-cert.pem instead for the cert file in your CredentialResolver.

--

%%  Christopher A. Bongaarts   %%  cab at umn.edu<mailto:cab at umn.edu>          %%

%%  OIT - Identity Management  %%  http://umn.edu/~cab  %%

%%  University of Minnesota    %%  +1 (612) 625-1809    %%
**********************************************************
Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20221128/fc167087/attachment.htm>