windows: Unable to load Private Key

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverFlow original URL: http://stackoverflow.com/questions/27584823/

Time: 2020-09-08 18:52:25  Source: igfitidea

Unable to load Private Key

windows amazon-web-services openssl amazon-elastic-beanstalk

Asked by ethan123

I am new to SSL/OpenSSL and I'm working on Windows 7. I'm trying to configure HTTPS for my ElasticBeanstalk environment following these instructions.

I'm at Step 2 in "Create a Private Key". After I issue the command to generate the key pair:

openssl genrsa 2048 > privatekey.pem

I get:

Generating RSA private key, 2048 bit long modulus
........................................+++
...............................+++
unable to write 'random state'
e is 65537 (0x10001)

However, it does write a key to my directory. But after the second command:

openssl req -new -key privatekey.pem -out csr.pem

I get:

unable to load Private Key
6312:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: ANY PRIVATE KEY

I've tried Googling this a bit, but none of the solutions I've found seem to be relevant for me. I checked the generated key and it looks like

-----BEGIN RSA PRIVATE KEY-----
 {lots of characters}
-----END RSA PRIVATE KEY-----

What am I doing incorrectly?
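
Added example (not part of the original question or its answers): the "no start line" error means OpenSSL's PEM reader found no line beginning with "-----BEGIN ", which can happen even when the file looks right in an editor. This sketch goes beyond the post and classifies the raw bytes of a key file; the function name and result labels are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reports why a PEM reader would
# fail to find a start line in a private key file. Labels are illustrative.
diagnose_pem() {
    f=$1
    [ -s "$f" ] || { echo "missing-or-empty"; return 1; }
    # First 4 bytes as hex; plain ASCII "----" is 2d2d2d2d.
    magic=$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
    case $magic in
        fffe*|feff*) echo "utf16-bom";    return 1 ;;  # UTF-16 with byte-order mark
        2d00*|002d*) echo "utf16-no-bom"; return 1 ;;  # "-" followed by a NUL byte
        efbbbf*)     echo "utf8-bom";     return 1 ;;  # BOM glued to the BEGIN line
    esac
    # The marker must start in column 0; a trailing CR (CRLF file) is tolerated.
    if LC_ALL=C grep -q '^-----BEGIN [A-Z0-9 ]*PRIVATE KEY-----' "$f"; then
        echo "ok"; return 0
    fi
    # A marker exists but is indented, or it labels something other than a key.
    if LC_ALL=C grep -q -e '-----BEGIN ' "$f"; then
        echo "begin-line-indented-or-not-a-key"; return 1
    fi
    echo "no-begin-line"; return 1
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then
    diagnose_pem "$1"
fi
```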

Answered by jww

unable to load Private Key 6312:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: ANY PRIVATE KEY

I ran your commands on OS X, and I could not reproduce the results.

I did use the -config option because I have an "OpenSSL server config template" that makes it easy to generate CSRs and self signed certificates:

$ mkdir test
$ cd test
$ openssl req -new -key privatekey.pem -out csr.pem -config example-com.conf

The configuration file is named example-com.conf, and you can find it at How do I edit a self signed certificate created using openssl xampp?. Edit it to suit your taste (in particular, the DNS names).

If interested, here's the OpenSSL man pages on the req sub-command.

I checked the generated key and it looks like

-----BEGIN RSA PRIVATE KEY-----
{lots of characters}
-----END RSA PRIVATE KEY-----

You can validate the key you just created with:

$ openssl rsa -in privatekey.pem -inform PEM -text -noout
Private-Key: (2048 bit)
...


unable to write 'random state'

This is a well known problem. OpenSSL uses a default configuration file. You can locate the configuration file with correct location of openssl.cnf file.

The default configuration file includes these lines:

$ cat /usr/local/ssl/macosx-x64/openssl.cnf 
...
HOME            = .
RANDFILE        = $ENV::HOME/.rnd
...

To save the random file, you should point HOME and RANDFILE to a valid location. On Windows, you type set HOME=... and set RANDFILE=... in the command prompt. Or better, change it in the OpenSSL configuration file you use.

Also see How to fix “unable to write 'random state' ” in openssl and How do I make OpenSSL write the RANDFILE on Windows Vista?.

I'm trying to configure HTTPS for my ElasticBeanstalk environment following these instructions.

The instructions are wrong in the image below. Do not place a DNS name in the Common Name (CN).

enter image description here

Placing a DNS name in the Common Name is deprecated by both the IETF (the folks who publish RFCs) and the CA/B Forums (the cartel where browsers and CAs collude). You should pay particular attention to what the CA/B recommends because Browsers and CAs come up with those rules, and the browsers follow them (and they don't follow the RFCs). For reference, see RFC 5280, RFC 6125 and the CA/B Baseline Requirements.

Instead, place DNS names in the Subject Alternate Name (SAN). Both the IETF and CA/B specify it.

The custom OpenSSL configuration file handles this for you. You just have to change the DNS names listed under the section [ alternate_names ]. For example, here's a set of names set up for the domain example.com. Notice there is no DNS name in the CN:

[ subject ]
...
commonName          = Common Name (e.g. server FQDN or YOUR name)
commonName_default      = Example Company

[ alternate_names ]

DNS.1       = example.com
DNS.2       = www.example.com
DNS.3       = mail.example.com
DNS.4       = ftp.example.com
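
Added example (not the answerer's example-com.conf and not part of the original answer): a minimal request configuration that keeps DNS names in the SAN and out of the Common Name, followed by a check of the resulting CSR. The file names, the req_ext section name and the helper function names are assumptions made for illustration; it needs openssl on the PATH.

```shell
#!/bin/sh
# Added example: build a CSR whose DNS names live only in subjectAltName.
make_san_csr() {
    dir=$1
    # Constructed sample config; [ subject ] and [ alternate_names ] follow
    # the section names shown in the answer, req_ext is a made-up name.
    cat > "$dir/san-req.conf" <<'EOF'
[ req ]
prompt             = no
distinguished_name = subject
req_extensions     = req_ext

[ subject ]
organizationName = Example Company
commonName       = Example Company

[ req_ext ]
subjectAltName = @alternate_names

[ alternate_names ]
DNS.1 = example.com
DNS.2 = www.example.com
EOF
    # Point RANDFILE at a writable path, as the answer advises.
    RANDFILE="$dir/.rnd"; export RANDFILE
    # -out writes the key directly instead of relying on shell redirection.
    openssl genrsa -out "$dir/privatekey.pem" 2048 2>/dev/null &&
    openssl req -new -key "$dir/privatekey.pem" -out "$dir/csr.pem" \
        -config "$dir/san-req.conf"
}

# Print the SAN entries of a CSR, one per line (for example DNS:example.com).
csr_san_names() {
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//'
}

# Succeeds only if the CSR's CN is not one of its own SAN DNS names.
cn_is_not_dns_name() {
    cn=$(openssl req -in "$1" -noout -subject | sed 's/.*CN *= *//')
    ! csr_san_names "$1" | grep -qx "DNS:$cn"
}
# Usage: d=$(mktemp -d) && make_san_csr "$d" && csr_san_names "$d/csr.pem"
```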

Answered by Dhananjay

Can you check if you have appropriate permissions when you run both the commands? Maybe try doing the same using a user with Admin Rights.

Also make sure the created file privatekey.pem has appropriate permissions before executing the command below (Use chmod if necessary)

 openssl req -new -key privatekey.pem -out csr.pem

Submitting this as answer as I don't have enough reputation to comment.

Answered by Mark

I believe the root of the problem is the error

unable to write 'random state' e is 65537 (0x10001)

Searching StackOverflow found these results. I would stress that you run the openssl program as sudo or directly as root to avoid any possible permissions issues.

The fix in Windows: https://stackoverflow.com/a/12522479/3765769

In Linux: https://stackoverflow.com/a/94458/3765769
