Did iis.cer get generated properly? Can you post the contents of iis.cer file?
Man page of the x509 utility says, " The PEM format uses the header and footer lines: -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- it will also handle files containing: -----BEGIN X509 CERTIFICATE----- -----END X509 CERTIFICATE----- Trusted certificates have the lines -----BEGIN TRUSTED CERTIFICATE----- -----END TRUSTED CERTIFICATE----- " If it does not find any of the above header and footer lines, it throws the error that you are seeing. Or, is the file in some other format (DER??). -Sandeep On Fri, Dec 3, 2010 at 8:59 AM, Sudershan Raj <brajna...@gmail.com> wrote: > Hi Folks, > I have been using the OpenSSL for more than a year and never had any issues > creating ssl certificates. However, I am getting error while converting the > iis.cer to iisx509.cer format. Can you please provide me the solution. Below > is the error > > > This is the error I am getting while generating the certificate. > > > > C:\ssl>openssl ca -policy policy_anything -config openssl.conf -cert > certs/ca.ce > > r -in requests/certreq.txt -keyfile keys/ca.key -days 9999 -out > certs/iis.cer > > Using configuration from openssl.conf > > Loading 'screen' into random state - done > > Enter pass phrase for keys/ca.key: > > Check that the request matches the signature > > Signature ok > > The Subject's Distinguished Name is as follows > > countryName :PRINTABLE:'US' > > stateOrProvinceName :PRINTABLE:'TX' > > localityName :PRINTABLE:'Dallas' > > organizationName :PRINTABLE:'company name' > > organizationalUnitName:PRINTABLE:'company name' > > commonName :PRINTABLE:'schedulertest.domainname.com' > > Certificate is to be certified until Bad time value (9999 days) > > Sign the certificate? [y/n]:y > > > > > > 1 out of 1 certificate requests certified, commit? [y/n]y > > Write out database with 1 new entries > > Data Base Updated > > > > C:\ssl>openssl x509 -in certs/iis.cer -out certs/iisx509.cer > > unable to load certificate > > 4944:error:0906D06C:PEM routines:PEM_read_bio:no start > line:.\crypto\pem\pem_lib > > .c:647:Expecting: TRUSTED CERTIFICATE > > > > C:\ssl> > > > > Thanks > > Raj >