Private key message

Jouni Malinen j at
Wed Aug 26 16:55:15 EDT 2009

On Thu, Jul 30, 2009 at 08:37:53AM -0500, Michael Kurecka wrote:
> I'm setup for EAP-TLS with following .conf file:

>         private_key="/etc/cert/projects.pfx"

> and I'm getting the following messages:
> OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (DER)
> failed error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
> OpenSSL: tls_connection_private_key - SSL_use_PrivateKey_File (PEM)
> failed error:0906D06C:PEM routines:PEM_read_bio:no start line

> they are only MSG_DEBUG messages and it seems to be working but is this
> normal or a problem with my private key file? If a problem, what is the
> issue? No problem was seen when I applied the projects.pfx file on a XP
> machine.

This is expected behavior when using PKCS#12 (PFX) files. The OpenSSL
wrapper code is not aware of the file type and it just simply tries to
get OpenSSL parsing it in different formats until something works. If
everything fails, the actual error message would be printed ("OpenSSL:
Failed to load private key").

Jouni Malinen                                            PGP id EFC895FA

More information about the HostAP mailing list