On Wed Feb 10 21:59:12 2016, [email protected] wrote: > Version: "OpenSSL 1.1.0-pre2 (alpha) 14 Jan 2016" > > Command: "openssl x509 -inform der -in sample_ekcert.der" > > Result: > "unable to load certificate > 140618483803816:error:0D0E20DD:asn1 encoding routines:c2i_ibuf:illegal > padding:a_int.c:223: > 140618483803816:error:0D08303A:asn1 encoding > routines:asn1_template_noexp_d2i:nested asn1 > error:tasn_dec.c:648:Field=serialNumber, Type=X509_CINF > 140618483803816:error:0D08303A:asn1 encoding > routines:asn1_template_noexp_d2i:nested asn1 > error:tasn_dec.c:648:Field=cert_info, Type=X509" >
As the error is suggesting it doesn't like the serialNumber in the certificate. If you check it with asn1parse it says "BAD INTEGER". Using dumpasn1 you get: 13 20: INTEGER 00 59 DF E1 E2 94 81 88 77 C5 3E E2 D3 2F 2B A2 BB 5F EB DA : Error: Integer '00 59 ...' has non-DER encoding. The problem is that is an invalid encoding. An ASN.1 INTEGER cannot contain leading zeroes. OpenSSL 1.0.2 and earlier tolerated this but 1.1.0 is stricter. What was the certificate generated with? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4301 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
