26

I would like to run an https C++ server from this source code.

I have followed up this website to generate the certificate:

openssl genrsa -des3 -out server.key 1024 openssl req -new -key server.key -out server.csr cp server.key server.key.org openssl rsa -in server.key.org -out server.key openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

which led to creation of four files:

server.crt server.csr server.key server.key.org

Then, in my firefox browser, I go to preferences/advanced:

about:preferences#advanced

Then view certificate, your certificates, import.

import certificate

enter image description here

But at the end, I face with an error and nothing happens:

This personal certificate can’t be installed because you do not own the corresponding private key which was created when the certificate was requested.

error

All necessary file including server.key are there.

What is the problem?

What should I do?

Improve this question
7
  • It does not matter if the key is "there" - you did not offer it together with the certificate so the browser knows nothing about it. Just cat *.crt and *.key together into one file and import this: cat server.crt server.key > cert_and_key.pem. Or just add the key to the certificate, i.e. cat server.key >> server.crt. Commented Jul 1, 2017 at 12:27
  • 1
    @SteffenUllrich, I still get the same error when importing cert_and_key.pem: This personal certificate can’t be installed because you do not own the corresponding private key which was created when the certificate was requested. Commented Jul 1, 2017 at 12:32
  • 1
    That certificate is supposed to authenticate the server, it's not supposed to authenticate you. You need to import it in server, not your certificates. Commented Jul 1, 2017 at 12:47
  • @user2313067, The server tab has no import button. It only has add exception button. Commented Jul 1, 2017 at 13:35
  • 2
    Are you trying to add a server certificate as a client certificate? Commented Jul 3, 2017 at 17:23

1 Answer 1

Reset to default
42

It looks like that Firefox (and Chrome too) can only import key and cert together if they are inside a PKCS#12 file but not when they are in a PEM format. To create such a file from the created certificates:

openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12

Then import the server.p12 file in Firefox.

Improve this answer
5
  • 1
    Thanks a lot. It stores the password successfully but the connection is not secure: screenshot Commented Jul 1, 2017 at 13:11
  • @ar2015: The certificate was successfully imported. What you ask now is a different question and should not be asked as a comment. But I recommend that you look at the "Advanced" information offered. If these don't help you and you cannot find anything useful based on the information in Advanced please ask a new question and include the details from Advanced and the contents of your certificate. Commented Jul 1, 2017 at 13:37
  • 1
    Does anyone know why this is? Coming from a software engineering perspective, this is a blatant bug to me. Error message erroneously reports you don't have the matching private key when you clearly do, but the real problem is Firefox doesn't properly support PEM. Commented May 12, 2023 at 15:59
  • @GrantCurell +1. But it can get even worse: hallofshame.gp.co.at/errormsg.htm. 😁 Commented Jul 22, 2023 at 16:22
  • Add Thunderbird to the list of application that can only import key and cert together if they are inside a PKCS#12 file. Commented Aug 18, 2024 at 12:43

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.