BLYNK
HOME       📲 GETTING STARTED       📗 DOCS       ❓HELP CENTER       👉 SKETCH BUILDER

Local Server encryption setup - File does not contain valid private key: /home/pi/Blynk/server.pem

Hi,

I ran into the same problem.
I followed both the GitHub commands and your commands as well to no avail.
I always run into the same problem & output:

Exception in thread “main” java.lang.RuntimeException: File does not contain valid private key: /home/pi/Blynk/server.pem
at cc.blynk.server.SslContextHolder.initSslContext(SslContextHolder.java:136)
at cc.blynk.server.SslContextHolder.(SslContextHolder.java:83)
at cc.blynk.server.Holder.(Holder.java:158)
at cc.blynk.server.launcher.ServerLauncher.start(ServerLauncher.java:95)
at cc.blynk.server.launcher.ServerLauncher.main(ServerLauncher.java:74)

I am trying to get this working on a raspberry pi.
Any thoughts would be appreciated

@Dragon this is an old topic, and I belive new changes have happened since… and besides this issues resolution was using the auto certification. You might want to just consider going that route.

Please create a new topic with full details if you still have questions.

EDIT Actually, I just created a new topic for you :slight_smile:

I seem to remember running into something similar with a Local Server test a few months ago… I believe it was just a user error on my part by not having the correct file in the correct spot…

Can you provide the actual steps YOU ran in your situation?

1 Like

Hi,

thanks for moving the topic.
I ran the following commands:

openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout server.key -out server.crt
openssl pkcs8 -topk8 -inform PEM -outform PEM -in server.key -out server.pem

server.properties:

#provide either full path to files either use ‘.’ for specifying current directory. For instance “./myfile.crt”
server.ssl.cert=./server.crt
server.ssl.key=./server.pem
server.ssl.key.pass=******

Also tried full path to files (same result)

Tried the following command as well (after deleting all the cert files)

openssl genrsa -out server.key 2048
openssl req -new -out server.csr -key server.key
openssl x509 -req -days 1500 -in server.csr -signkey server.key -out server.crt
openssl pkcs8 -topk8 -inform PEM -outform PEM -in server.key -out server.pem

Exactly the same error message.

the system is up to date.
Do you have any clue, or have I done something profoundly wrong that I’ve missed?

thanks

Hi,

New to the community and have been trying out a local server this weekend when I got
the same error as you when using my owm private key (pem).

I have a workaround that involves not encrypting the pem file:

The first step creates the key and certificate:

openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout server.key -out server.crt

You will be prompted as usual for country code, state, city, etc.

The second step creates an unencrypted pem file from the key:

openssl pkcs8 -nocrypt -topk8 -inform PEM -outform PEM -in server.key -out server_nocrypt.pem

You wont be prompted from the encryption password.

You can test the pem file is ok:

openssl pkcs8 -nocrypt -in server_nocrypt.pem

Then copy the pem and crt to /tmp

cp ./server.crt /tmp
cp ./server_nocrypt.pem /tmp

The unix permissions on both of these files is 600.

The server.properties need to be edited as shown below. Note the
password field must be empty.

server.ssl.cert=/tmp/server.crt
server.ssl.key=/tmp/server_nocrypt.pem
server.ssl.key.pass=

Let me know if anything is unclear, etc.

Some background:

I run my local server (0.39.4) in a VirtualBox (5.2.10) Ubuntu 18.04
guest running on 18.04.

I built the server from source to put some diagnostics in.

I traced the error in sslContextHolder.java to a call to a netty
class. I tried an older and newer version of netty but didn’t make any
difference.

Hi *,
I’m running blynk-server in an Ubuntu 18.04 server VM with openjdk 8.
I was having the same problem until I decide to use the v1 PBE-SHA1-2DES algorithm for encrypting the private key:
openssl pkcs8 -topk8 -v1 PBE-SHA1-2DES -in server.key -out server.enc.key
The use of this older v1 algorithm worked for me!

I pass for the same problem. So i realize that when i run the same commands that you did, my machine did not type the extension file in the name of their. Despite it has type pem the server expect extension in the name in key file like: “server.pem”