Solution: I used the below command to get it worked. Should the alternative hypothesis always be the research hypothesis? And gets an error: unable to load Public Key. You should easily find an OpenSSH command or other free tools to converts between formats. Have a question about this project? . Put someone on the same pedestal as another. Hello, everyone! let key = fs.readFileSync("abels-key.pem"); For Windows users with PowerShell and OpenSSL.Light installed who needs to extract everything between ----BEGIN CERTIFICATE----- and ----END CERTIFICATE-----: I got this because I was accidentally signing with my public key , I selected every reaction. const fs = require("fs"); Quote: unable to load private key 13804:error:0909006C:PEM routines:get_name:no start line:crypto\pem\pem_lib.c:745:Expecting . I am reviewing a very bad paper - do I have to be nice? Note:- 1. Do not ever. How do two equations multiply left by left equals right by right? please give me solution if you have. After Converting it (create a new txt file and edit old and new files with notepad.exe, copy > paste into the new file > save).. We now have new a compatible file-format Are you trying to convert the key file into the DOS mode ? Is there a way to use any communication without a CPU? Sick of ads? By clicking Accept all cookies, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy. Sign in Both files are PEM format, both when viewed using cat show the same format. You can still get it using the -m PEM option, and you can also get the PKCS#8 format using -m PKCS8. writing RSA key. rev2023.4.17.43393. So the gen key command look like: Then you can get pem from your rsa private key. Already on GitHub? I would recommend the PKCS#8 format. PEM is an encoding format for keys - both DSA and RSA can use it. Trying to encrypt a text message via command line on OSX Yosomite 10.10.2. gd_bundle-g2-g1.crt -keystore keystore-name.keystore, sudo keytool -import -trustcacerts -alias root -file, sudo openssl pkcs12 -export -name servercert -in gd_bundle-g2-g1.crt -inkey sitename.com.key -out p12keystore.12. Browse other questions tagged, Start here for a quick overview of the site, Detailed answers to any questions you might have, Discuss the workings and policies of this site. ssh-keygen -f ~/.ssh/id_rsa.pub -e -m PKCS8 > id_rsa.pem, openssl rsautl -encrypt -inkey ~/.ssh/id_rsa.pem -pubin -in ~/Desktop/myMessage.txt -out ~/Desktop/encrypted.txt, openssl rsautl -decrypt -inkey ~/.ssh/id_rsa -in ~/Desktop/encrypted.txt -out ~/Desktop/decrypted.txt. After converting it to plain UTF-8 (removing BOM), everything worked. openssl PEM_read_bio:no start line:pem_lib.c:707:Expecting: ANY PRIVATE KEY, The philosopher who believes in Web Assembly, Improving the copy in the close modal and post notices - 2023 edition, New blog post from our CEO Prashanth: Community is the future of AI. We can fix by adding -m PEM when generate keys. openssl, haproxy, , . By clicking Post Your Answer, you agree to our terms of service, privacy policy and cookie policy. Afterwards, I wanted to print information about key with command below. Deploy works but function crashes with the error code. What are the benefits of learning to identify chord types (minor, major, etc) by ear? Can I use money transfer services to pick cash up for myself (from USA to Vietnam)? I don't think keyform would help since PEM is the default anyways (according to the docs). Learn how your comment data is processed. Maybe try doing the same using a user with Admin Rights. Much appreciated. @ethan123 - I updated the answer to include instructions to test the key with the, @Mark I saw this solution and tried it. That's really it. How to add double quotes around string and number pattern? Willing to share technical skills with others. OpenSSL command did not worked as expected for this. Now OpenSSH has its own Private Key format. Or is it perhaps DER encoded which requires you to add -keyform DER your decryption command line?. You can reproduce this as follows - Create pass phrase protected private key Decrypt the private key to make sure it works. Bob has signed that I am Alice. OpenSSL command did not worked as expected for this. Information Security Stack Exchange is a question and answer site for information security professionals. Spellcaster Dragons Casting with legendary actions? Open the File Explorer and then go to the OpenSSL Bin folder to get the files generated such as the server.csr and the server.key. What PHILOSOPHERS understand for intelligence? By clicking Post Your Answer, you agree to our terms of service, privacy policy and cookie policy. UNIX is a registered trademark of The Open Group. Thanks for the question @robotsfoundme . "Expecting: ANY PRIVATE KEY" isn't a very helpful error message, For me, the permissions were off on the files so openssl couldn't read the file, therefore -> 'no start line'. line:/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.140.1/libressl-2.8/crypto/pem/pem_lib.c:684:Expecting: Import the file into openssl with options for exporting as PFX file Let me explain what all of these files are and what they mean. @Rajas If you have an additional question, please open a new question. Asking for help, clarification, or responding to other answers. OpenSSL Expecting: ANY PRIVATE KEY. @garethTheRed: if possible, please can you check the updated post? What are the benefits of learning to identify chord types (minor, major, etc) by ear? 140041401685904:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: ANY PRIVATE KEY, Private Key file is of the following format. Hello. The -e export option does not work for me, as this will not convert the private key. Similarly, use ssh-keygen -p -m PKCS8 to do in-place conversion to PKCS#8. My problem was I used the auth0.pem file downloaded from Auth0 dashboard > tenant settings > Signing keys, but that is actually a private key!. Site design / logo 2023 Stack Exchange Inc; user contributions licensed under CC BY-SA. set OPENSSL_CONF=c:\Program Files\Splunk\openssl.cnf 0 Karma Reply spluzer You just have to change the DNS names listed under the section [ alternate_names ]. Site design / logo 2023 Stack Exchange Inc; user contributions licensed under CC BY-SA. We can also convert a private key file id_rsa to the PEM format. privacy statement. Can we create two different filesystems on a single partition? I wasted quite a bit of time trying to find a mistake in my openssl command. MIIBIjANBgkqhkiG9dsfdsfdsfgKCAQEA0Cbcyd+01Wb8X6eWSct1Qz3qG8txsfsdfdApvWhopetosaveyouadayxGYq+S4EEFvO/z1luNhZeNXRPLgg9fsdlsdjaPk5FWvYWbMgNmTt/rpdZYSChda4opensourceh*llAme0zPUp+TbkX+OQ/cdffsfsQJ84uVjmjiBeHmQgZSWWOHNOcqGA6icap7JY0erBNIstoh1yfsdUH0Fs9WowBXiwci9B8lAjQtD8YOLk/dnEznt91tAp3C6vsdfds2zePSIgxCUT6sbytwj5hzvZViwIDAQAB It only takes a minute to sign up. The rsa command in this version does not support the capability to run the first command above. I worked around this by installing OpenSSL 1.0.1p. Note that OpenSSL is not part of Windows, so use WSL. I have a key file, an end-entity and intermediate cert which I need to combine into a pfx. Claus' certificate is below: This would keep going until someone eventually signs their own certificate. You should get your combined pfx file. This site uses Akismet to reduce spam. Another possible way is to have both: private and public keys already (.crt. Import private key and certificate into Tomcat? I'm trying to configure HTTPS for my ElasticBeanstalk environment following these instructions. Do EU or UK consumers enjoy consumer rights protections from traders that serve them from abroad? The text was updated successfully, but these errors were encountered: I have the same issue. Connect and share knowledge within a single location that is structured and easy to search. These are the 3 commands, openssl genrsa -out abels-key.pem 2048 The -m PEM option will generate I used a variation of this solution to fix it. Site design / logo 2023 Stack Exchange Inc; user contributions licensed under CC BY-SA. Installing Splunk does not set the %OPENSSL_CONF% system variable that points to the file. How can I make inferences about individuals from aggregated data? process.env.JWT_PRIVATE_KEY.replace(/\\n/gm, '\n'). Super User is a question and answer site for computer enthusiasts and power users. This saved my bacon after spending half a day swearing at open ssl and apple for the amount of crap i had to install to do it all anyway I was getting nowhere. You signed in with another tab or window. The request is then sent to a certificate authority, which validates this information somehow and then signs the request (or not). const WebSocket = require("ws"); const app = express(); Why hasn't the Attorney General investigated Justice Thomas? -----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn Well occasionally send you account related emails. What OS are you using? First line should look like -----BEGIN EC PRIVATE KEY----- or RSA instead of EC. The connection closed by remote host message usually indicates that the remote host (e.g., a server) has closed the connection. Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un*x-like operating systems. Right, thank you, that clarification helped. I am new to SSL/OpenSSL and I'm working on Windows 7. (NOT interested in AI answers, please). I think at this stage goes something wrong! Why is my table wider than the text width when adding images with \adjincludegraphics? Withdrawing a paper after acceptance modulo revisions? can one turn left and right at a red light with dual lane turns? and if yes is it the Same process as the private key?? As you see above, I am surrounding the environment variable with double-quotes. haproxxy . Thanks for contributing an answer to Unix & Linux Stack Exchange! Ok I'll create a new question to get a detailed answer. For us we had this issue while loading a private key from ENV instead of files (because of automated deployment in aws). Why hasn't the Attorney General investigated Justice Thomas? Asking for help, clarification, or responding to other answers. sudo keytool -import -trustcacerts -alias intermediate -file 2. The error "unable to load private key" and "Expecting: ANY PRIVATE KEY" indicate that what you provided is no private key. Your initial solution should work you just have a small typo: To specify key format (PKCS8), the "-m" option is used and not "-t" option (it stand for type of key: dsa, ecdsa, ed25519 or rsa). Do not place a DNS name in the Common Name (CN). Import the PFX into windows application (IIS, Exchange, ADFS, etc.). After many hours of unsuccessful attempts this worked for me. I had same problem when I was extracting public key from certificate. This is a LINUX to WINDOWS file formatting problem: When running this command (using the above KEY file), we get an error: After Converting it (create a new txt file and edit old and new files with notepad.exe, copy > paste into the new file > save).. Please tutorial how to fix "error:0909006C:PEM routines:get_name:no start line" with algorithm: "RS256", https://stackoverflow.com/a/50016491/7437737, Box getReadStream error: Error: error:0909006C:PEM routines:get_name:no start line. -----BEGIN PRIVATE KEY-----\nLONG_STRING_HERE\n-----END PRIVATE KEY-----. I was also successful in installing a .pfx into a production server. 6. Both are OpenSSL-compatible (PKCS#8 is preferred nowadays.). 4. Start here for a quick overview of the site, Detailed answers to any questions you might have, Discuss the workings and policies of this site. The last line should look like openssl is the standard open-source, command-line tool for manipulating SSL/TLS certificates on Linux, MacOS, and other UNIX-like systems. Someone else used GoDaddys wizard interface to generate a certificate signing request (CSR) and private key, and saved the files on their Windows workstation. Save file and try again running sslc. January 5, 2021 OpenSSL Error While Creating PFX: Expecting: ANY PRIVATE KEY Recently had to install a certificate on IIS and didn't have a pfx file, so used openssl to generate one from the certificate and the corresponding private key, but got the following error: If the private .key file is indeed missing I wonder if you might be best to remove this configuration and start again, alternatively create a new private key file (look where the rest of your cert files are being created) or copy a different one. Just to add a bit of clarification to @derN3rd 's solution, which is great btw, adding \ns to the env variable is a necessary step, prior to replacing them on the client side. 00:b9:cd:e6:d2:d5:e8:f1:44:2f:17:c0:89:8b:d0: Once split, it returns the split string in a list, using, Are you getting the cURL error 60: SSL certificate problem? Can I ask for a refund or credit next year? 2 Answers Sorted by: 10 I believe your private key was modified, as i was able to duplicate the same error message by changing a single character in a sample pass phrase protected key i just created. A typical traditional format private key file in PEM format will look something like the following, in a file with a ".pem" extension: By clicking Post Your Answer, you agree to our terms of service, privacy policy and cookie policy. To subscribe to this RSS feed, copy and paste this URL into your RSS reader. This most probably will fix the issue. To learn more, see our tips on writing great answers. Firstly you have to decrypt it: $ openssl rsa -in protected .key - out unprotected.key Then you have to recreate your .pem file again: $ cat unprotected .key yourcert .crt > yourcert .pem After that you can issue all the commands you need. This is the complete solution of the problem. Openssh Key file is just a PEM-like format. How to divide the left side of two equations by the left side is equal to dividing the right side by the right side? There's a "-----HEADER-----" and there's Base64-encoded data. Steve. What information do I need to ensure I kill the same process, not one spawned much later with the same PID? Why doesn't my SSH key work for connecting to github? So, I had to run: openssl x509 -pubkey -noout -in auth0.pem > pubkey.pem. Converted the key file from UTF8 to ASCII encoding in Notepad++, and was able to use the OpenSSL commands. Instead I converted my original key to PEM (SSH2) format: Thank you so much! Can you try generating the private key using I had the same problem and fixed by adding -m PEM when generate keys. Perhaps, I understood the basics of those keys, conversion of .crt & .key into .pfx & installing it into Windows IIS Server. Make sure to put the .cer and .key files into the same folder and with same name - (c.cer and c.key) Then run: It didn't work for me. If "trusted.cer" is a client certificate you need to include the private key. This can be a frustrating error to deal with, but dont worry we have, In Linux, there are two ways to switch to the root user. Use the following to see if the system variable is set: echo %OPENSSL_CONF% If the variable is not set you can tell Windows to use the configuration file provided by Splunk. Save the file The instructions are wrong in the image below. 1st PORT Regarding the wild guesses, can you please explain more about the correct permissions that I need to have for the private key. What this does is take a certificate (certificate.crt) and a private key (privateKey.key) and bundles them into one PKCS #12 file (certificate.pfx). What should I change to make it work? It turns out this was all I needed to do to get the GoDaddy key file to work during the conversion from PEM to PFX. Already on GitHub? Why don't objects get brighter when I reflect their light back at them? The fix in Windows: Thank you so much. Using OpenSSL what does "unable to write 'random state'" mean? How do I make OpenSSL write the RANDFILE on Windows Vista? Is there a way to use any communication without a CPU? There is an error message Recently had to install a certificate on IIS and didn't have a pfx file, so used openssl to generate one from the certificate and the corresponding private key, but got the following error: While investigating, noticed that the private key file they sent was in UTF-8 BOM format, and it looks like OpenSSL doesn't like that. I'm at Step 2 in "Create a Private Key". THANK YOU @derN3rd. As we wanted to add it to Azure. Next message: "Expecting: ANY PRIVATE KEY". If you prefer, you can perform the conversion on a system that has it: SSH2/PEM keys are just plain text files after all, just be careful not to leave them around. Use the CSR to request the SSL certificate from the CA provider. Example: openssl rsa -in enc.key -out dec.key. The best answers are voted up and rise to the top, Start here for a quick overview of the site, Detailed answers to any questions you might have, Discuss the workings and policies of this site. It seems there's something wrong with your key file. Stack Exchange network consists of 181 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers. What is the etymology of the term space-time? myname.pfx). I also want to know the reason of this error. Searching StackOverflow found these results. This can be useful for finding files that belong to a particular user, or, 20 years of Linux experience. const options = { What could a smart phone still do or not do and what would the screen display be if it was sent back in time 30 years to 1993? let cert = fs.readFileSync("abels-cert.pem"); BEGIN OPENSSH PRIVATE KEY: not PEM, contains SSH2-formatted data specific to OpenSSH, BEGIN RSA PRIVATE KEY: known as PEM or PKCS#1, contains ASN.1 DER-formatted data @Peregrino69: Yes, PKCS#1 (PEM) used to be OpenSSH's default format for private keys (it's probably why OP, For valid PEM I get unable to load private key by openssh, The philosopher who believes in Web Assembly, Improving the copy in the close modal and post notices - 2023 edition, New blog post from our CEO Prashanth: Community is the future of AI. Email, S/MIME and PGP keys: see homepage. Stack Exchange network consists of 181 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers. By clicking Post Your Answer, you agree to our terms of service, privacy policy and cookie policy. HOME = . I didnt think notepad would be so useful. Server Fault is a question and answer site for system and network administrators. So, I had to run: openssl x509 -pubkey -noout -in auth0.pem > pubkey.pem This is exactly what i needed. There was not more information when following the link. How to convert RFC4716 private keys to PEM private keys? key, They purchased an SSL cert from GoDaddy, and shared all the files with me for installation on servers. See ssh-keygen man page. Can dialogue be put in the same paragraph as action text? In fact, openssl rsautl -encrypt command expect a public key with "PEM PKCS8 public key" encoding format but ssh-keygen generate a private key in this format and public key in other format adapted to authorized_keys file in ~/.ssh directory (you could open keys with text editor to see difference between formats). Generate a Self-Signed Certificate from an Existing Private Key and CSR. Find centralized, trusted content and collaborate around the technologies you use most. In Online server you may face 3 problems, I did use the -config option because I have an "OpenSSL server config template" that makes it easy to generate CSRs and self signed certificates: The configuration file is named example-com.conf, and you can find it at How do I edit a self signed certificate created using openssl xampp?. custom *OpenSSH* format that *OpenSSL* cannot read natively. To learn more, see our tips on writing great answers. This means they claim to be who they are, and you should just trust them. Roumen Petrov. openssl pkcs12 -export -in c.cer -inkey c.key -out d.pfx. I've had a similar problem when using the authors file with Git LFS. Then I ran this command to generate a random file: Then I ran this command to give a path of config file: I want to know if I'm making any mistake in the steps that I followed. Format for keys - both DSA and rsa can use it please can you generating! Elasticbeanstalk environment following these instructions a client certificate you need to include the private key, )... Similar problem when I was extracting public key from certificate Expecting: any private key decryption line. Equations multiply left by left equals right by right @ Rajas if you have additional... To ensure I kill the same problem and fixed by adding -m PEM option, and all... - both DSA and rsa can use it error code files with me for installation on servers and around! Sent to a particular user, or, 20 years of Linux experience command! While loading a private key from ENV instead of EC we had this issue while loading a key! The SSL certificate from the CA provider copy and paste this URL into your RSS reader a `` -- -. Host message usually indicates that the remote host ( e.g., a server ) has the... Had the same process, not one spawned much later with the same using a user with Admin.! Cn ) the PKCS openssl unable to load key expecting: any private key 8 of Windows, so use WSL same process as the private ''! And fixed by adding -m PEM when generate keys both DSA and rsa can use it generating... Files with me for installation on servers do two equations multiply left by equals! Computer enthusiasts and power users bad paper - do I make inferences about individuals from aggregated data they to! ; is a question and answer site for system and network administrators computer enthusiasts and users... Rsa can use it files that belong to a certificate authority, which validates information. 'Random state ' '' mean an encoding format for keys - both DSA rsa... A single partition make sure it works when I was also successful in a! Can get PEM from your rsa private key -- -- -END private key Decrypt the private key --... Issue while loading a private key -- -- -BEGIN private key file file, an end-entity intermediate! Pem format, both when viewed using cat show the same paragraph as text! Look like: then you can get PEM from your rsa private --! -Header -- -- -BEGIN OpenSSH private key -- -- - '' and there 's a `` --! 2023 Stack Exchange Inc ; user contributions licensed under CC BY-SA decryption command line? has the! Find centralized, trusted content and collaborate around the technologies you use most provider. How do I make openssl write the RANDFILE on Windows Vista UK consumers enjoy consumer Rights protections traders! This can be useful for finding files that belong to a certificate authority, validates... The technologies you use most an OpenSSH command or other free tools to converts between formats IIS. Sure it works the gen key command look like -- -- - the research hypothesis anyways ( to... Run the first command above -END private key is equal to dividing the side...: see homepage SSL/OpenSSL and I 'm trying to configure HTTPS for my ElasticBeanstalk environment following these instructions think would. Registered trademark of the open Group of this error user, or responding other! Centralized, trusted content and collaborate around the technologies you use most ( according to the file -- -HEADER --! Or not ) not convert the private key file or UK consumers enjoy consumer protections... ( IIS, Exchange, ADFS, etc ) by ear certificate from an Existing key... -Header -- -- - or rsa instead of files ( because of automated deployment in aws ) format, when... When adding images with \adjincludegraphics the rsa command in this version does not support the to... Reviewing a very bad paper - do I need to ensure I kill same! Does not support the capability to run: openssl x509 -pubkey -noout auth0.pem... Have a key file id_rsa to the PEM format rsa can use it the authors file with LFS... Then go to the file Well occasionally send you account related emails the alternative always. See our tips on writing great answers a mistake in my openssl command to! I wanted to print information about key with command below and then signs the request ( or not.. -- - to Vietnam ) and the server.key of those keys, conversion of.crt &.key.pfx... Version does not set the % OPENSSL_CONF % system variable that points the! 20 years of Linux, FreeBSD and other Un * x-like operating systems to unix Linux. Line? quite a bit of time trying to find a mistake in my command!, conversion of.crt &.key into.pfx & installing it into Windows application IIS. Following these instructions the text width when adding images with \adjincludegraphics installing Splunk does not set the % %... Ensure I kill the same process, not one spawned much later with the format... Equations by the left side of two equations by the left side is equal to dividing the right by... Uk consumers enjoy consumer Rights protections from traders that serve them from abroad > pubkey.pem connection closed by remote (! Base64-Encoded data support the capability to run: openssl x509 -pubkey -noout -in auth0.pem & gt ; pubkey.pem this exactly!, S/MIME and PGP keys: see homepage using -m PKCS8 ) everything. Env instead of files openssl unable to load key expecting: any private key because of automated deployment in aws ) signs the is. Get a detailed answer, and you should just trust them sent a. Wanted to print information about key with command below other answers option, shared! From aggregated data that is structured and easy to search -keyform DER decryption... I 'm at Step 2 in `` Create a new question public keys already.crt! A detailed answer was able to use the openssl commands within a single partition not in! To print information about key with command below this error and you can get from! Show the same issue claus ' certificate is below: this would keep until! Feed, copy and paste this URL into your RSS reader, Exchange, ADFS, etc ) ear. Ssh key work for me, openssl unable to load key expecting: any private key this will not convert the private key installing does. Of those keys, conversion of.crt &.key into.pfx & installing into. Is to have both: private and public keys already (.crt your answer, you agree to our of... Both are OpenSSL-compatible ( PKCS # 8 the image below check the updated Post power. My SSH key work for connecting to github remote host message usually indicates that the remote (... I also want to know the reason of this error in this version does not work for,. In Windows: Thank you so much in this version does not work for,... Had to run: openssl x509 -pubkey -noout -in auth0.pem > pubkey.pem later the. -Pubkey -noout -in auth0.pem > pubkey.pem my openssl command did not worked as expected for.! Use WSL print information about key with command below id_rsa to the PEM format, both viewed! Auth0.Pem & gt ; pubkey.pem this is exactly what I needed file the instructions wrong. On Windows 7 Base64-encoded data maybe try doing the same format installing a.pfx into a.... Means they claim to be nice command to get the PKCS # 8 and the server.key run the first above... A.pfx into a pfx Linux experience in this version does not support the capability to run first. Explorer and then signs the request ( or not ) public key answers. Bin folder to get a detailed answer key from ENV instead of (. Un * x-like operating systems to our terms of service, privacy policy and cookie policy at. I 've had a similar problem when using the authors file with Git LFS ; Expecting: private. Cat show the same process, not one spawned much later with same. Similar problem when I reflect their light back at them location that openssl unable to load key expecting: any private key. I make openssl write the RANDFILE on Windows Vista one spawned much later with the error.! Answer site for system and network administrators equations by the right side 's Base64-encoded data left right. About key with command below from an Existing private key and CSR we two! But these errors were encountered: I used the below command to the! And cookie policy Create pass phrase protected private key -- -- -END private key? in my command! Private keys left and right at a red light with dual lane turns not of... Is structured and easy to search custom * OpenSSH * format that openssl unable to load key expecting: any private key! To load public key from ENV instead of files ( because of deployment!, or responding to openssl unable to load key expecting: any private key answers -- -- - there a way to use any communication a... Host ( e.g., a server ) has closed the connection closed by remote host ( e.g., a )! To include the private key should the alternative hypothesis always be the research hypothesis Common (... Errors were encountered: I have the same process as the server.csr and the server.key after converting to... Is below: this would keep going until someone eventually signs their own certificate your key id_rsa! Request is then sent to a certificate authority, which validates this information somehow and signs... You account related emails at a red light with dual lane turns this is what! The first command above sure it works: any private key -- -- - RANDFILE Windows.