Search Engine: Elastic

Article ID: 121105, created on Apr 16, 2014, last review on Jun 29, 2016

  • Applies to:
  • Business Automation


The private key is missing in the SSL subscription service parameters.


The CSR and the private key were not generated by PBA, information about the private key is not supposed to be stored in PBA.

When the subscription is purchased, the customer (or the providers staff member) who places an order has two options:

  1. Use already generated CSR.
  2. Leave CSR empty to allow the system to generate it (if an option "Allow generate Private Key and Certificate Request" is enabled, see details in the documentation).

If the option 2 was used, the private key shall be stored in the subscription service parameters. If the already generated CSR was used (option 1), then the private key is not asked when purchasing an SSL. The private key is supposed to be kept privately by a person who generated CSR.

There is no easy way to determine which option was chosen, it is only possible from the sequence of methods/its parameters in BA logs. For example,

  • in BM.log(5.5.x), generic_worker.log (6.0.x) it can seen that the CSR is initially passed as NULL (an example below is for order placed from the providers control panel):

    [14-04-16 12:26:57.579 Worker1.67  RQ24425 NTE] Entering method BM_Container::Worker1.67.PlaceOrder_SaveParams(user = 1, transaction = 24416, SID = 323, lang = en, HP)
    [14-04-16 12:26:57.579 Worker1.67  RQ24425 NTE]         3 input arguments :
                    string: 5
                    string: CSRID
                    string: NULL
  • in CERTENOM.log(5.5.x), generic_worker.log (6.0.x)) an appropriate parameter for private key

    parameter [PKEYID] = <HIDDEN>

    is passed within GetAndCheckPluginServiceParams method. The private key itself does not appears in the log for the security reasons.

Both these example confirm that the CSR was generated by the system and private key shall be present in the service parameters.

In case of already generated CSR there are records like:

[16-06-16 11:48:11.123 BM_Object   RQ527153 TH10373 NTE] Entering method BM.PlaceOrder_SaveParams(user = 1060476, SID = 596895, lang = en, request = 527153, localObject = 0, transaction = 723840 (HP)) 
[16-06-16 11:48:11.123 BM_Object   RQ527153 TH10373 NTE]        21 input arguments: 
                string: 1180 
                string: CSRID 
                string: -----BEGIN CERTIFICATE REQUEST-----  
<csr itself>

198398b282069eaf2d94a6af87dcb3ff caea8340e2d186a540518d08602aa065 e12cea1d47a3125d335d68e6d4e15e07 dbd9c930a53370cd4abd5c7ff1b5f55c 6311ae17c1ee52b36e68aaf4ad066387

Email subscription for changes to this article
Save as PDF