Skip to content

Instantly share code, notes, and snippets.

@imShakil
Last active December 2, 2022 05:00
Show Gist options
  • Save imShakil/69cebadaa005883af6cb6e26a8e22589 to your computer and use it in GitHub Desktop.
Save imShakil/69cebadaa005883af6cb6e26a8e22589 to your computer and use it in GitHub Desktop.
Shibboleth SP error: unable to load private key from [path]

I was trying to setup Shibboleth SP with our Gluu Server which is used the Shibboleth IDP. For no reason, I was stuck at this situation. After speending few hours I was able to detect the issue and solved the problem. This may help you too.

Error at shibd.log:

2022-06-10 01:25:08 ERROR XMLTooling.CredentialResolver.Chaining : caught exception processing embedded CredentialResolver element: Unable to load private key from file (/etc/certs/domain.key).
2022-06-10 01:25:08 INFO XMLTooling.CredentialResolver.Chaining : building CredentialResolver of type File
2022-06-10 01:25:08 INFO XMLTooling.SecurityHelper : loading private key from file (/etc/certs/domain.key)
2022-06-10 01:25:08 ERROR OpenSSL : error code: 33558541 in bss_file.c, line 406
2022-06-10 01:25:08 ERROR OpenSSL : error data: fopen('/etc/certs/domain.key','r')
2022-06-10 01:25:08 ERROR OpenSSL : error code: 537346050 in bss_file.c, line 408
2022-06-10 01:25:08 ERROR XMLTooling.CredentialResolver.Chaining : caught exception processing embedded CredentialResolver element: Unable to load private key from file (/etc/certs/domain.key).

File Permission at /etc/certs:

-rw-r--r--  1 root root 1277 Jun 10 01:23 domain.crt
-rw-r--r--  1 root root 1033 Jun 10 01:23 domain.csr
--w-------  1 root root 1704 Jun 10 01:23 domain.key 

If this the same you are facing, then I would say It's a simple issue. But, It took me 16 hours to detect. I hope you find this solution within less time than me.

Solution

If you look at the File Permission, you can two files got the read permission while domain.key don't have the read permission. So, what you have to do is to give the read permission to that file. You can do that with below command:

chmod +r domain.key

That's all. Restart the shibd and apache/httpd.

verify the issue with:

tail -f /var/log/shibboleth/shibd.log

You are good to go. Thanks...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment