Re: issues converting the iis.cer to iisx509.cer format

Sun, 05 Dec 2010 03:03:34 -0800 

Did iis.cer get generated properly? Can you post the contents of iis.cer
file?

Man page of the x509 utility says,

"
       The PEM format uses the header and footer lines:

        -----BEGIN CERTIFICATE-----
        -----END CERTIFICATE-----

       it will also handle files containing:

        -----BEGIN X509 CERTIFICATE-----
        -----END X509 CERTIFICATE-----

       Trusted certificates have the lines

        -----BEGIN TRUSTED CERTIFICATE-----
        -----END TRUSTED CERTIFICATE-----
"
If it does not find any of the above header and footer lines, it throws the
error that you are seeing. Or, is the file in some other format (DER??).

-Sandeep

On Fri, Dec 3, 2010 at 8:59 AM, Sudershan Raj <brajna...@gmail.com> wrote:

> Hi Folks,
> I have been using the OpenSSL for more than a year and never had any issues
> creating ssl certificates. However, I am getting error while converting the
> iis.cer to iisx509.cer format. Can you please provide me the solution. Below
> is the error
>
>
> This is the error I am getting while generating the certificate.
>
>
>
> C:\ssl>openssl ca -policy policy_anything -config openssl.conf -cert
> certs/ca.ce
>
> r -in requests/certreq.txt -keyfile keys/ca.key -days 9999 -out
> certs/iis.cer
>
> Using configuration from openssl.conf
>
> Loading 'screen' into random state - done
>
> Enter pass phrase for keys/ca.key:
>
> Check that the request matches the signature
>
> Signature ok
>
> The Subject's Distinguished Name is as follows
>
> countryName           :PRINTABLE:'US'
>
> stateOrProvinceName   :PRINTABLE:'TX'
>
> localityName          :PRINTABLE:'Dallas'
>
> organizationName      :PRINTABLE:'company name'
>
> organizationalUnitName:PRINTABLE:'company name'
>
> commonName            :PRINTABLE:'schedulertest.domainname.com'
>
> Certificate is to be certified until Bad time value (9999 days)
>
> Sign the certificate? [y/n]:y
>
>
>
>
>
> 1 out of 1 certificate requests certified, commit? [y/n]y
>
> Write out database with 1 new entries
>
> Data Base Updated
>
>
>
> C:\ssl>openssl x509 -in certs/iis.cer -out certs/iisx509.cer
>
> unable to load certificate
>
> 4944:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:.\crypto\pem\pem_lib
>
> .c:647:Expecting: TRUSTED CERTIFICATE
>
>
>
> C:\ssl>
>
>
>
> Thanks
>
> Raj
>

Reply via email to