If you are a Business or Enterprise customer and using the Custom SSL feature, you may see this error code when trying to upload your custom SSL certificate:
"The key could not be parsed."
The likely reason for this error code is that the file is in a non-standard PEM format, like PFX. Cloudflare accepts:
- Regular PEM encoded keys and certificates (i.e a plain text file, usually ending with .pem, that contains the unencrypted certificate and/or private key).
- PKCS#7 (usually ending with .p7b or .p7c) encoded in "signedData" format (data, envelopedData, signedAndEnvelopedData, digestedData, and encryptedData are not supported).
- PKCS#12 (usually ending in .pfx or .p12) encrypted with a blank password.
If you have a certificate file that ends with .pfx and the password on it isn't blank, it is possible to convert a PFX file to a standard that will work with the Cloudflare system.
To convert the file, run this command (replacing domain_cert.pfx with your PFX file):
openssl pkcs12 -in domain_cert.pfx -out keyStore.pem -nodes
If you are seeing the error code and you have the file in the proper format, please contact Cloudflare support so we can investigate further.
NOTE: Make sure your PEM file does not have a passphrase currently set. For steps to remove the passphrase see these details: http://www.sslshopper.com/article-most-common-openssl-commands.html
** Remove a passphrase from a private key **
openssl rsa -in privateKey.pem -out newPrivateKey.pem