I am seeing "The key could not be parsed." How come?

If you are a Business or Enterprise customer and using the Custom SSL feature, you may see this error code when trying to upload your custom SSL certificate:

"The key could not be parsed."

The likely reason for this error code is that the file is in a non-standard PEM format, like PFX. Cloudflare accepts:

  • Regular PEM encoded keys and certificates (i.e a plain text file, usually ending with .pem, that contains the unencrypted certificate and/or private key).
  • PKCS#7 (usually ending with .p7b or .p7c) encoded in "signedData" format (data, envelopedData, signedAndEnvelopedData, digestedData, and encryptedData are not supported).
  • PKCS#12 (usually ending in .pfx or .p12) encrypted with a blank password.

If you have a certificate file that ends with .pfx and the password on it isn't blank, it is possible to convert a PFX file to a standard that will work with the Cloudflare system.

To convert the file, run this command (replacing domain_cert.pfx with your PFX file): 
openssl pkcs12 -in domain_cert.pfx -out keyStore.pem -nodes 

Or, go through this article on how to convert the file:   http://www.sslshopper.com/article-most-common-openssl-commands.html

If you are seeing the error code and you have the file in the proper format, please contact Cloudflare support so we can investigate further.

NOTE:  Make sure your PEM file does  not  have a passphrase currently set.  For steps to remove the passphrase see these details: http://www.sslshopper.com/article-most-common-openssl-commands.html

** Remove a passphrase from a private key ** 
openssl rsa -in privateKey.pem -out newPrivateKey.pem

Still not finding what you need?

The Cloudflare team is here to help. 95% of questions can be answered using the search tool, but if you can’t find what you need, submit a support request.

Powered by Zendesk