makecert error: Can't access the key of the subject - windows

I have a PowerShell script that I want to run on 2 different stand-alone machines. On Windows 8.1 with the SDK installed, I issue the command:
makecert -r -pe -n "CN=My Root Authority" -ss CA -sr CurrentUser ^
-a sha1 -sky signature -cy authority -sv CA.pvk CA.cer
and I get back:
Error: Can't access the key of the subject ('CA.pvk')
Failed
CA.pvk gets created, but not CA.cer
Any ideas?
Thanks in advance, Geoff

Several confusing and unhelpful password prompts should pop up after running this command.
I got the same error message when I entered a different password in the second prompt from the one I had entered in the first.
Entering the same password in both the first and second pop-up screens got me past this.

Related

GoError: Error: could not decrypt key with given password at web3.js:6347:37(47)

Purpose: I would like to unlock the Coinbase account so it can be used to transfer ethers to Metamask.
I input the following command on Windows' Command Prompt:
geth --datadir ~/eth-dev/ --networkid 326584 --verbosity 4 --ipcdisable --port 30301 --nodiscover -- console 2>> ~/eth-dev/eth.log
I could get into the Geth Javascript console. But once I typed in the command:
personal.unlockAccount(eth.coinbase, "123456789")
it returned:
GoError: Error: could not decrypt key with given password at web3.js:6347:37(47)
at native
at :1:38(5)
My passphrase is 123456789.
I also tried creating a new personal account and input a new passphrase and tried entering the two commands above
and I still got the error (in red) as stated above.
How are we supposed to fix the above error (in red)? What is the solution?
Could you please help me?

The required syntax for the unlockAccount() function is
personal.unlockAccount(address, password, duration)
Note: Here duration is optional. This function asks for the account password and NOT the passphrase.
Solution to your query:
Enter the following command by entering a blank passphrase.
personal.unlockAccount(eth.coinbase)
If the console prompts you to create/enter your password, skip it by hitting the Enter key.

Cannot get keychain password via SSH

On a Mac (Big Sur) machine, I can easily get a password from the keychain via the command line:
security find-generic-password -l Foo -w
But, if I ssh into that same machine, the exact same command returns nothing.
Any ideas why that would be happening?

Jeff Holt's response helped me.
Indeed, the remote keychain was locked and can be unlocked with security unlock-keychain. If you are interacting via the command line, perhaps using a script, you can test whether the default keychain is unlocked with show-keychain-info, which returns a non-zero value when locked.
In bash, selectively prompt to unlock the keychain (with squashing of the redundant text output of show-keychain-info to stderr):
# show-keychain-info exits non-zero when the default keychain is locked
if ! security show-keychain-info 2> /dev/null; then
    security unlock-keychain
fi

1 (key)s remain to be installed

While setting up ssh to log in without asking for a password, I tried the following:
ssh-keygen
ssh-copy-id -i ~/.ssh/id_rsa.pub user@192.168.200.4
It shows me the following error:

Try running "ssh-add" on your client PC. It should solve the problem.
Basically the reason why it works is (quoted from here):
ssh-add adds RSA or DSA identities to the authentication agent, ssh-agent(1). When run without arguments, it adds the files ~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity.

"It shows me the following error:"
There is no error. It says it copied your key to the server.

Where does the client certificate get stored?

I want to create a client certificate and I am running the command below in the Visual Studio Command Prompt.
The command below runs successfully, but I don't know the certificate location.
Where does it get stored?
makecert -r -pe -n "CN=XYZ Company" -b 01/01/2013 -e 01/01/2014 -sky exchange -ss my

Using the parameter -ss my, you are explicitly stating that the cert should be saved into your personal certificate storage for your Windows account.
Open certmgr.msc (via execute on start menu) and look into your certificate store.

makecert gives "Fail to acquire a security provider from the issuer's certificate" - why?

Dear ladies and sirs.
Observe this simple batch file:
makecert -n "CN=MyCA" -sr localmachine -ss root -a sha1 -cy authority -r -sv MyCA.pvk MyCA.cer
del MyCA.pvk
del MyCA.cer
makecert -n "CN=il-mark-lt" -sr localmachine -ss my -cy end -pe -sky exchange -a sha1 -is root -ir localmachine -in MyCA
However, the last makecert fails with the following error message:
Error: Fail to acquire a security provider from the issuer's certificate
How do I troubleshoot it? Any ideas? BTW, the first makecert succeeds. Of course, I delete it again, before running the commands again.
Thanks.
EDIT1
I understood the reasons for the failure. The second command expects the file MyCA.pvk to exist, but I do not want to keep it around. So, what can I do?

Just leave out the -sv MyCA.pvk part. It should still generate a private key and store it normally and not as a pvk file, and it should be found by makecert ... -in MyCA.

I was getting this error because I didn't start the command line with Admin privileges.
I guess the error is something of a misnomer in this case.

The problem is the first command: you are creating a self-signed certificate and adding it to the Trusted Root store of the Local Machine account (but you probably know that). But you're also creating files for the public and private keys for the certificate, the .pvk and .cer files.
The second command is creating another certificate, this time not a self-signed one but one signed by the first certificate. In order to sign a certificate you need both the public and the private key of the issuer (CN=MyCA). You are instructing makecert to look for the issuer public key in the Local Machine Trusted Root Certificate store, and that's fine, but you don't have the private key anymore, since MyCA.pvk was deleted.
If you don't specify file names for the private and public keys in the first command, i.e. do not include the -sv MyCA.pvk parameter and MyCA.cer, both the public and private keys will be added to the store. That means there will be no need to delete files because they won't be generated.
Also, if you open a management console (press [WIN]+[R], type mmc, [Return]), go to File -> Add/Remove Snap-in -> select "Certificates" -> "Add" -> "Computer Account" and then navigate the tree to Trusted Root Certificates\Certificates, you will find MyCA in the left pane. You'll notice a small key on the icon, and if you double-click the certificate, a message at the bottom of the General tab properties will state "You have a private key that corresponds to this certificate". That means you can use that certificate to sign a new one, like you're trying to do with the second command.
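
The checks the answers above do by hand in mmc and certmgr.msc can be scripted. This is an added PowerShell example, not code from the original posts: the function name Test-IssuerSigningKey, its parameters and its output fields are made up for illustration, and it assumes .NET Framework 4.6 or later (for GetRSAPrivateKey). It serves both the "-ss my" store question and the issuer private key question.

```powershell
# Added example: reports whether a certificate in a Windows store still has a usable
# private key, which is what "makecert -is <store> -ir <location> -in <name>" needs.
function Test-IssuerSigningKey {
    param(
        [Parameter(Mandatory)] [string] $CommonName,   # value passed to makecert -in / -n "CN=..."
        [string] $StoreName = 'Root',                   # makecert -is / -ss
        [ValidateSet('LocalMachine', 'CurrentUser')]
        [string] $StoreLocation = 'LocalMachine'        # makecert -ir / -sr
    )

    $path  = "Cert:\$StoreLocation\$StoreName"
    $certs = @(Get-ChildItem -Path $path | Where-Object { $_.Subject -eq "CN=$CommonName" })
    if ($certs.Count -eq 0) {
        Write-Warning "No certificate with subject CN=$CommonName in $path"
        return
    }

    foreach ($cert in $certs) {
        $usable = $false
        $reason = 'no private key is associated with this certificate in the store'
        if ($cert.HasPrivateKey) {
            try {
                # Opening the key is the real test: the store can record a key association
                # while the key itself cannot be read from the current (non-elevated) session.
                $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
                if ($null -ne $key) { $usable = $true; $reason = 'private key opened'; $key.Dispose() }
                else { $reason = 'private key is not an RSA key' }
            }
            catch {
                $reason = "private key present but not accessible: $($_.Exception.Message)"
            }
        }
        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey
            KeyUsable     = $usable
            Reason        = $reason
        }
    }
}

# Issuer from the batch file above, then the "-ss my" certificate from the earlier question.
Test-IssuerSigningKey -CommonName 'MyCA'
Test-IssuerSigningKey -CommonName 'XYZ Company' -StoreName 'My' -StoreLocation 'CurrentUser'
```

Running it once from a normal prompt and once from an elevated one separates the two failure causes described in the answers: a key that was never stored versus a key the session cannot open.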
