Archived Forum Post

Index of archived forum posts


Private Key Required for Client-Side SSL/TLS Certificates?

Oct 18 '12 at 11:44

I’m trying to connect to a secured FTP using a crt certificate but I can’t, I receive this error message:

Certificate does not have an associated private key available.
A private key is required for client-side SSL/TLS certificates.
Here is a snippet of my code:
Chilkat.Cert cert = new Chilkat.Cert();
success = cert.LoadFromFile(@"C:/myCerts/cert.crt");
if (!success)
    MessageBox.Show("LoadFromFile: " + cert.LastErrorText);
success = ftp.SetSslClientCert(cert);
if (!success)
    MessageBox.Show("SetSslClientCert: " + ftp.LastErrorText);


There are several comments and answers for this question:

1) Check to make sure your FTP server really does require a client-side certificate for the SSL/TLS connection. Usually, if it does, then you should be aware of exactly what certificate you should be using. (Just because the connection is SSL/TLS does not mean you need a client-side certificate. The use of client-side SSL/TLS certs is usually reserved for higher-security systems.)

2) A .crt file only contains a certificate. It does not contain a cert's associated private key. Certs and private keys are typically contained in .p12 or .pfx files, both of which are the same format but simply with different file extensions. (They are PKCS12 format files.) If you have a .p12 or .pfx file, then this is what you should use instead of the .crt.

3) The cert.SetPrivateKeyPem method expects to be provided with the contents of a PEM formatted file that is the private key. A password is not the correct thing to pass to this method. SetPrivateKeyPem would only be used if your cert + private key was contained in separate files (perhaps the cert in a .crt, and the private key in a .pem).

4) You certainly do need the cert's associated private key when using a client-side SSL/TLS certificate. Without the private key, the SSL/TLS server would not be able to verify that you are who you say you are..