KB Article #178433
CFT 3.2.2 Parsing error on Certificate or Key {15025/0}
Problem
User tries to import a certificate and its key in PKCS8 format in CFT 3.2.2.
In copilot, the error is the following:
“Private and Public key incompatible” or when importing using the command line the message: “Parsing error on Certificate or Key {15025/0} (Failed to add private key…)”
Resolution
In order for the key to work it needs to be converted in PEM format. XCA tool can be used as follows:
- Import the key in PKCS8
- Export the key in PEM format
- Import again the certificate and its PEM key in the CFT
How to distinguish the type of the key?
- Open the key in notepad
- Check the header
- “-----BEGIN RSA PRIVATE KEY-----“ is for PEM format
- “-----BEGIN PRIVATE KEY-----“ is for PKCS8 format
- The header is not the only difference from PEM to PKCS8, but also the content of the key, even if both use BASE64 encoding