Trouble enabling TLS with a self-signed, password-protected certificate

Using Vault v1.8.1. I generated a certificate via the following:

openssl req -x509 -newkey rsa:4096 -keyout vault-server-cert-key.pem -out vault-server-cert.pem -days 365

and updated my config.hcl as follows:

listener "tcp" {
  address     = "127.0.0.1:8200"
  tls_disable = "false"
  tls_cert_file = "/path/to/vault-config/ssl/vault-server-cert.pem"
  tls_key_file = "/path/to/vault-config/ssl/vault-server-cert-key.pem"
}

When I start the server (under the same user), it exits with:

Error parsing listener configuration.
Error initializing listener of type tcp: error loading TLS cert: tls: failed to parse private key

I’ve found instances of a couple of others raising this same issue, but they always resolved it by removing password protection from the private key via -nodes. I was wondering if there’s some way to resolve this while retaining password protection.

I have had this come up once before and the result was the same: remove the password. But I also found this: Run vault as a service with password protected private key · Issue #3844 · hashicorp/vault · GitHub, so try it and see if it works.

That person is having a different issue (he wanted to provide the password via a method other than tty).
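
A diagnostic for the question above, added here as an example and not posted by anyone in the thread: it reports which on-disk protection a PEM key file uses, since Go's crypto/tls (the source of the "tls: failed to parse private key" text) does not decrypt keys itself. It assumes the failure comes from the key's encryption format, which the thread does not confirm; `KeyInfo`, `ClassifyKeyPEM` and the sample constants are hypothetical names.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"strings"
)

// Constructed samples: bodies are dummy base64 ("ABCDEFG"), not real key material.
const (
	samplePKCS8Enc  = "-----BEGIN ENCRYPTED PRIVATE KEY-----\nQUJDREVGRw==\n-----END ENCRYPTED PRIVATE KEY-----\n"
	sampleLegacyEnc = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n" +
		"DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\nQUJDREVGRw==\n-----END RSA PRIVATE KEY-----\n"
	samplePlain = "-----BEGIN PRIVATE KEY-----\nQUJDREVGRw==\n-----END PRIVATE KEY-----\n"
)

// KeyInfo (hypothetical type) describes the first private-key block in a PEM file.
type KeyInfo struct {
	Found, Encrypted bool
	Format, Cipher   string
}

// ClassifyKeyPEM (hypothetical helper) skips non-key blocks such as CERTIFICATE.
func ClassifyKeyPEM(data []byte) KeyInfo {
	for {
		var b *pem.Block
		if b, data = pem.Decode(data); b == nil {
			return KeyInfo{} // no private-key block in the input
		}
		switch {
		case b.Type == "ENCRYPTED PRIVATE KEY": // PKCS#8 EncryptedPrivateKeyInfo
			return KeyInfo{Found: true, Encrypted: true, Format: "PKCS#8"}
		case !strings.HasSuffix(b.Type, "PRIVATE KEY"):
			continue // not a key block, look at the next one
		case strings.Contains(b.Headers["Proc-Type"], "ENCRYPTED"): // legacy OpenSSL PEM encryption
			cipher := strings.SplitN(b.Headers["DEK-Info"], ",", 2)[0]
			return KeyInfo{Found: true, Encrypted: true, Format: "legacy PEM", Cipher: cipher}
		default:
			return KeyInfo{Found: true, Format: b.Type} // unencrypted key
		}
	}
}

func main() {
	for _, s := range []string{samplePKCS8Enc, sampleLegacyEnc, samplePlain} {
		fmt.Printf("%+v\n", ClassifyKeyPEM([]byte(s)))
	}
}
```

To check a real key, pass the bytes returned by `os.ReadFile` for the file named in `tls_key_file` to `ClassifyKeyPEM`.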