Skip to content


Neither PUB key nor PRIV key:: nested asn1 error #42

mreinsch opened this Issue · 15 comments

9 participants


After updating from 0.2.7 to 0.2.8, I now get the following error message when making requests to Paypal:

internal server error: Neither PUB key nor PRIV key:: nested asn1 error


More details:

Error Message:
OpenSSL::PKey::RSAError: Neither PUB key nor PRIV key:: nested asn1 error

[GEM_ROOT]/gems/paypal_adaptive-0.2.8/lib/paypal_adaptive/request.rb, line 89
tc commented

This is the last commit that might have caused it:

@tonyla any thoughts?


+1 I've just had the same issue. Have reverted back to using the previous version for now.


What's the relevant portion of the paypal_adaptive.yml?


That should point to the cert_key_pem.txt that is downloaded through the paypal developer interface. It will contain a section that specifies the RSA private key and another section that specifies a certificate.

Sounds like the error is either the ssl_cert_file parameter code is being run for a bad config value or the cert_key_pem.txt is incorrect/bad.


Also getting this error after the update.

ssl_cert_file pointed to a generic cacert.pem file, not the one I downloaded from a PayPal Developer Interface. That's not an RSA private key, so I'm guessing it can't make an PKey::RSA object from it.


@josephers are you using a generic ssl_cert_file = cacert.pem in conjunction with the signature method of authenticating with Paypal?

If so I didn't realize this was common practice. I was under the impression the ssl_cert_file was strictly for the cert method provided by Paypal for authenticating api requests. If this is the case it is a relatively easy fix to separate these 2 methods.


I get the op error too. 0.2.7 works fine.

If there's a way to get 0.2.8 working can someone explain how to do it without using a certificate?


Same issue, any solution yet?


The gem is still loading a cacert.pem file automatically even if it's not defined (in paypal_adaptive/lib/paypal_adaptive/config.rb, line 46).

So @ssl_cert_file will never be nil, even if I don't set it in the config. But the default file supplied with the gem is not an OpenSSL::PKey, so it throws an error.
A solution would be to remove the autoloading of @ssl_cert_file. I've submitted a pull request.

@tc tc closed this in 87d40dc
tc commented

Will make a release later tonight.


@tc have you release bug fixed version? I just intall gem & still getting same error
Error : Neither PUB key nor PRIV key:: nested asn1 error
paypal_adaptive (0.2.8) lib/paypal_adaptive/request.rb:89:in `initialize'



I'm also getting this error in 0.2.9 when I attempt to provide a cert_key_pem.txt file:

paypal_adaptive (0.2.9) lib/paypal_adaptive/request.rb:93:in `initialize': Neither PUB key nor PRIV key:: nested asn1 error

Is the solution simply not to use a cert_key_pem.txt file now? Is this true for production (Paypal Live API) credentials?

tc commented

can you try again with 0.3.0?


Looks like it's resolving for me with 0.3.0!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.