trouble with SSL on Windows

I haven't used tn5250 in Windows for a while.  I'm trying to
remember how to configure it so I can find out what a user's
problem is (I suspect blocked ports and want to make this as
 simple as possible for the user's test.)

I can't get mine to work locally, though...  I think it might
be because we require a client certificate.

I went to DCM and got a fresh copy of the CA to make sure it
was current.  It was.  I opened my key database and exported
my certificate to make sure it was correct.  I followed the
readme.ssl directions to convert it from p12 to pem.  All I
get is a tn5250 message box, with a title of TN5250, that says
"Unable to open communications stream!"


My trace shows:

tn5250_ssl_stream_init() entered.
SSL Method = SSLv23_client_method()
SSL: Setting password callback
SSL: Loading certificates from certificate file
SSL: Loading private keys from certificate file
3092:error:06065064:digital envelope routines:EVP_DecryptFinal:bad 
decrypt:.\crypto\evp\evp_enc.c:277:
3092:error:0906A065:PEM routines:PEM_do_header:bad 
decrypt:.\crypto\pem\pem_lib.c:452:
3092:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:missing asn1 
eos:.\ssl\ssl_rsa.c:707:


sporter3 {
        host = ssl:as400
        env.DEVNAME = SPORTER3
        ssl_ca_file = \progra~1\tn5250\server.pem
        ssl_cert_file = \progra~1\tn5250\sporter.pem
        ssl_pem_pass = mypassword
}


When I compare the original client certificate to the new one, I
see that the original had -----BEGIN RSA PRIVATE KEY----- whereas
the new one does not.  I'm guessing that matches the error, but
I get the same error with the file that contains the key.

The really interesting part is that I use the same files in
tn5250 on Linux, and it works fine.

I installed the 0.17.3 binary from sourceforge.