BLYNK
HOME       📲 GETTING STARTED       📗 DOCS       ❓HELP CENTER       👉 SKETCH BUILDER

Local Server encryption setup - File does not contain valid private key: /home/pi/Blynk/server.pem

Hi,

I ran into the same problem.
I followed both the GitHub commands and your commands as well to no avail.
I always run into the same problem & output:

Exception in thread “main” java.lang.RuntimeException: File does not contain valid private key: /home/pi/Blynk/server.pem
at cc.blynk.server.SslContextHolder.initSslContext(SslContextHolder.java:136)
at cc.blynk.server.SslContextHolder.(SslContextHolder.java:83)
at cc.blynk.server.Holder.(Holder.java:158)
at cc.blynk.server.launcher.ServerLauncher.start(ServerLauncher.java:95)
at cc.blynk.server.launcher.ServerLauncher.main(ServerLauncher.java:74)

I am trying to get this working on a raspberry pi.
Any thoughts would be appreciated

@Dragon this is an old topic, and I belive new changes have happened since… and besides this issues resolution was using the auto certification. You might want to just consider going that route.

Please create a new topic with full details if you still have questions.

EDIT Actually, I just created a new topic for you :slight_smile:

I seem to remember running into something similar with a Local Server test a few months ago… I believe it was just a user error on my part by not having the correct file in the correct spot…

Can you provide the actual steps YOU ran in your situation?

1 Like

Hi,

thanks for moving the topic.
I ran the following commands:

openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout server.key -out server.crt
openssl pkcs8 -topk8 -inform PEM -outform PEM -in server.key -out server.pem

server.properties:

#provide either full path to files either use ‘.’ for specifying current directory. For instance “./myfile.crt”
server.ssl.cert=./server.crt
server.ssl.key=./server.pem
server.ssl.key.pass=******

Also tried full path to files (same result)

Tried the following command as well (after deleting all the cert files)

openssl genrsa -out server.key 2048
openssl req -new -out server.csr -key server.key
openssl x509 -req -days 1500 -in server.csr -signkey server.key -out server.crt
openssl pkcs8 -topk8 -inform PEM -outform PEM -in server.key -out server.pem

Exactly the same error message.

the system is up to date.
Do you have any clue, or have I done something profoundly wrong that I’ve missed?

thanks

Hi,

New to the community and have been trying out a local server this weekend when I got
the same error as you when using my owm private key (pem).

I have a workaround that involves not encrypting the pem file:

The first step creates the key and certificate:

openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout server.key -out server.crt

You will be prompted as usual for country code, state, city, etc.

The second step creates an unencrypted pem file from the key:

openssl pkcs8 -nocrypt -topk8 -inform PEM -outform PEM -in server.key -out server_nocrypt.pem

You wont be prompted from the encryption password.

You can test the pem file is ok:

openssl pkcs8 -nocrypt -in server_nocrypt.pem

Then copy the pem and crt to /tmp

cp ./server.crt /tmp
cp ./server_nocrypt.pem /tmp

The unix permissions on both of these files is 600.

The server.properties need to be edited as shown below. Note the
password field must be empty.

server.ssl.cert=/tmp/server.crt
server.ssl.key=/tmp/server_nocrypt.pem
server.ssl.key.pass=

Let me know if anything is unclear, etc.

Some background:

I run my local server (0.39.4) in a VirtualBox (5.2.10) Ubuntu 18.04
guest running on 18.04.

I built the server from source to put some diagnostics in.

I traced the error in sslContextHolder.java to a call to a netty
class. I tried an older and newer version of netty but didn’t make any
difference.

Hi *,
I’m running blynk-server in an Ubuntu 18.04 server VM with openjdk 8.
I was having the same problem until I decide to use the v1 PBE-SHA1-2DES algorithm for encrypting the private key:
openssl pkcs8 -topk8 -v1 PBE-SHA1-2DES -in server.key -out server.enc.key
The use of this older v1 algorithm worked for me!