1

Tried to generate SSH Key and PFX files to be imported into Key Management in Marketing Cloud.

It gives errors each time.

SSH Key Generation:

openssl genrsa -des3 -out private.pem 2048 openssl rsa -in private.pem -outform PEM -pubout -out public.pem

Error when uploading private key into Key Management:

File is not encrypted. No passphrase required.

Error when uploading private key into Key Management:

Object reference not set to an instance of an object.

PFX FIle Generation:

openssl req -x509 -days 365 -newkey rsa:2048 -keyout my-key.pem -out my-cert.pem openssl pkcs12 -export -in my-cert.pem -inkey -my-key.pem -out accountmgmt.pfx

Error when uploading PFX file into Key Management:

The key file does not contain any valid public encryption keys.

I am not sure which format would it support.

Improve this question
2
  • 1
    this helped me recently: superuser.com/questions/1484478/… Commented May 11, 2020 at 12:02
  • @JonasLamberty - can you post the details in an answer, as links have a tendency to die. Also, it is not implicit to see that this question indeed has been answered. Thank you Commented May 11, 2020 at 12:50

1 Answer 1

Reset to default
3

Crosspost from this source: https://superuser.com/questions/1484478/marketing-cloud-ssh-key-generation-inconsistency-between-putty-and-ssh-keygen

All credit to the responder there.

===

Latest versions of OpenSSH ssh-keygen (7.8 and newer) generate keys in a new format (BEGIN OPENSSH PRIVATE KEY).

Your software (Salesforce Marketing Cloud) does not seem to support that format.

Use -m PEM flag, to make new ssh-keygen generate the keys in the old format (like BEGIN RSA PRIVATE KEY):

ssh-keygen -m PEM -t rsa -b 2048

You can also use ssh-keygen to convert your existing key in the new format to the old format by "abusing" the -p switch:

ssh-keygen -p -f file -m PEM -P passphrase -N passphrase

(if the key is not encrypted with a passphrase, use "" instead of passphrase)

PuTTYgen can also generate both formats. But, unless you use the command with "(force new file format)" or unless you generate Ed25519 key (not supported by the old format), it defaults to the old format. That was also the behavior of ssh-keygen in 6.5–7.7.

Btw, there's also a command-line Linux puttygen.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.