Snowflake: Cannot Create PoolableConnectionFactory (Private Key Provided Is Invalid or Not Supported)

Problem

When the private key is generated using the latest OpenSSL 1.1.1g, there is an underlying issue with the native Java cryptographic libraries used to decrypt this private key that can lead to various exceptions when certain ciphers/algorithms are used to encrypt the private key.

Solution

This issue has multiple solutions depending on your security needs.

1. Generate a key-pair using a cipher suite compatible with our Java crypto libraries

2. Generate a key-pair but do not encrypt the private key

3. Use tools other than OpenSSL

4. Upgrade java to newer version that supports particular secrets key factory, typically Java 21

All four options are described in detail in the Snowflake article Key pair authentication failure due to ObjectIdentifier() or SecretKeyFactory not available errors.

Refer to https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication for information on how to generate a key-pair.

According to the Snowflake JDBC Driver Release Notes, you can also upgrade your JDBC driver to 3.12.13 or higher https://community.snowflake.com/article/Product_Update/client-release-history (bug SNOW-195989), but in this case, go to IBM Support for detailed instructions.

Related Articles

• Dictionary Dataflow Scenario Fails with java.langOutOfMemory: Java heap space

• How to Handle Snowflake Javascript Stored Procedures

• Snowflake: Cannot Create PoolableConnectionFactory (Private Key Provided Is Invalid or Not Supported)

• Snowflake Extraction Error: JDBC Driver Internal Error "Timeout waiting for the download of #chunk0"

• Lineage Missing for Tables Created by CTAS Statement