Re: Possible problem with PEM encoded X.509 certificate creation

[varoun p]

On Thu, Dec 29, 2011 at 10:58 PM, Philip Guenther <guent...@sendmail.com>
wrote:
> On Thu, 29 Dec 2011, varoun p wrote:
>> Currently on a VirtualBox VM hosted on a Mac OSX Lion:
>> $ uname -prsv
>> OpenBSD 5.0 GENERIC#43 Intel(R) Core(TM) i5-2415M CPU @ 2.30GHz
>> ("GenuineIntel" 686-class)
>> $
>>
>> Creating a PEM encoded, self signed X.509 cert as follows:
>> $ openssl genrsa -out iam.key 1024
>> $ openssl req -new -key iam.key -out iam.csr
>> $ openssl x509 -req -in iam.csr -signkey iam.key -out iam.pem
>>
>> When trying to upload this cert (iam.pem) for use with Amazon Web
>> Services, I get a malformed certificate error.
>> The same sequence of steps when run on Darwin (Darwin 11.0.0 Darwin
>> Kernel Version 11.0.0: Sat Jun 18 12:56:35 PDT 2011;
>> root:xnu-1699.22.73~1/RELEASE_X86_64 i386) or FreeBSD (FreeBSD
>> 8.2-RELEASE-p3 FreeBSD 8.2-RELEASE-p3 #0: Tue Sep 27 18:07:27 UTC 2011
>>     r...@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
>> i386) gives me a working cert that does not error out when trying to
>> use it with AWS.
>
> Since we don't all have access to Darwin and/or FreeBSD, what's the output
> of:
>        openssl x509 -noout -text -in iam.pem
>
> for the unaccepted and accepted certs?
>
>
> Philip Guenther

I created two certs, fbsd-iam.pem was created on a FreeBSD 8.2 host
and obsd-iam.pem was created on an OpenBSD 5.0 host. Both certs were
created using the same sequence of three commands listed earlier. The
cert fbsd-iam.pem was accepted while obsd-iam.pem was rejected with an
error that said 'Malformed certificate'.

The requested output :

sa-mac-varoun:cert-test varoun$ ls
fbsd-iam.pem    obsd-iam.pem
sa-mac-varoun:cert-test varoun$ openssl x509 -noout -text -in fbsd-iam.pem
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            eb:dc:97:63:8c:b1:ae:cc
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IN, ST=Karnataka, L=Bangalore, O=Directi,
OU=talk.to, CN=Varoun P/emailAddress=varou...@directi.com
        Validity
            Not Before: Dec 29 18:20:19 2011 GMT
            Not After : Jan 28 18:20:19 2012 GMT
        Subject: C=IN, ST=Karnataka, L=Bangalore, O=Directi,
OU=talk.to, CN=Varoun P/emailAddress=varou...@directi.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:bf:80:94:d4:b7:c4:42:d8:f3:ad:c0:1c:b7:f1:
                    33:0f:f7:64:1b:22:68:70:14:0c:61:88:3d:20:47:
                    c6:10:97:c0:96:ce:ed:c9:96:41:f2:34:16:dd:15:
                    fb:ca:b2:ca:65:6f:50:68:f0:7b:34:30:ae:11:b9:
                    43:33:99:f3:d4:d2:03:12:06:8c:85:6b:e9:97:fe:
                    38:b6:e6:8a:39:c0:b6:33:92:3b:0c:ac:43:72:f2:
                    a2:bc:ba:d4:71:42:2c:da:40:28:1d:28:8f:a9:f2:
                    54:db:f1:e3:2a:5e:f1:e4:2e:71:24:54:51:86:d6:
                    3c:e6:9b:ec:a9:40:6b:67:25
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
        54:0f:14:46:56:c3:f0:b7:85:aa:66:1c:3d:5e:b7:a1:b5:c0:
        3a:98:14:74:ef:6a:54:ad:d5:4b:c6:db:b6:2e:c8:a5:aa:1f:
        9d:db:33:c8:dd:46:81:9b:9d:73:b9:81:71:ac:0c:c6:d9:14:
        52:61:b7:6a:e0:62:87:72:98:26:a6:a0:15:3f:bc:4e:02:81:
        97:3a:86:6f:3c:a2:6f:9e:d8:9b:17:27:ef:af:e2:27:5a:18:
        f0:a4:32:35:70:1c:23:16:34:e6:e1:48:09:e8:33:08:de:f2:
        f5:57:25:a9:cf:1f:19:e5:4b:5d:57:6f:38:a7:76:98:53:46:
        3d:cc
sa-mac-varoun:cert-test varoun$ openssl x509 -noout -text -in obsd-iam.pem
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            d9:da:50:80:12:fb:05:2e
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IN, ST=Karnataka, L=Bangalore, O=Directi,
OU=talk.to, CN=talk.to/emailAddress=varou...@directi.com
        Validity
            Not Before: Dec 29 23:55:50 2011 GMT
            Not After : Jan 28 23:55:50 2012 GMT
        Subject: C=IN, ST=Karnataka, L=Bangalore, O=Directi,
OU=talk.to, CN=talk.to/emailAddress=varou...@directi.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:ea:28:24:b2:19:96:fd:27:ac:3d:5c:b1:41:cd:
                    68:0b:3d:17:40:b8:28:75:14:64:40:55:54:cc:dd:
                    52:31:7a:c2:e1:65:9b:21:fc:32:7c:74:94:57:90:
                    b2:b8:e5:dd:f6:b7:b0:d6:87:b6:60:91:22:e7:bb:
                    57:ce:10:0b:c8:f5:9b:d8:94:0b:bb:d9:df:f1:4c:
                    6b:5a:10:b1:79:00:7e:9c:11:66:bf:7c:3b:2b:5f:
                    f9:f5:20:22:30:6e:f1:23:4a:a2:d3:16:38:80:d6:
                    d6:a6:e5:15:7b:bb:22:38:00:0b:9f:ef:c7:98:55:
                    0b:c8:59:ab:60:0d:16:34:15
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
        30:b5:f6:4c:cd:f3:67:e1:ec:31:8b:e2:72:ef:54:09:f8:52:
        4b:55:0b:30:1d:58:ba:db:a7:3b:cb:52:cd:d4:95:d2:2f:ca:
        e5:45:33:e9:55:2e:d6:c6:2b:91:ca:ea:53:47:bf:ca:6d:45:
        cf:c8:94:1d:1c:02:3e:2c:ce:79:c3:82:2d:bb:a5:08:a7:f3:
        79:34:ef:13:42:13:f8:3e:78:a8:38:72:75:4d:83:9e:a5:8b:
        d2:5b:f3:99:4e:3f:72:25:c7:df:85:1b:12:9f:98:9b:6c:72:
        94:fd:cb:10:3a:ec:52:d6:bb:27:37:14:15:13:d3:ce:ab:07:
        f4:7c
sa-mac-varoun:cert-test varoun$


I've also attached both certs to this email.

-- varoun

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of fbsd-iam.pem]

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of obsd-iam.pem]