Unable to decode the PEM-encoded private key

I have a private key .pfx, two certs .cer, and a password. These work fine when I install into Windows server and enable them through IIS, I am able to reach the websites with https just fine.

However, when I try to install into Ignition, I get

Validation Error!
The Gateway could not validate private key.

I get this same error whether I enable a password and enter it, or if I don't enable the password.

Am I missing something?


Hi Ken.
I'm having the same issue. Did you get this resolved?

Try running the PEM through OpenSSL to display it. This should give you a hint. (It should not ask for a password. An empty password is not the same as no password.)

Hi, I called support for this, after a couple of tries came up with this procedure:

  1. Open the .pfx file with Keystore explorer
  2. Export the Private Key as PKCS#8 and include the password.
  3. Now in that same pfx file, click Export Certificate Chain and select "Entire Chain" and X.509 as well as PEM. That will generate a .cer file.
  4. Now in the wizard, throw the private key file in as your private key and then use the cer for server certificate. It carries the rest of the chain and will auto-populate on the screen.

You have to download Keystore Explorer for this.

Hope that helps

1 Like