> From: owner-openssl-us...@openssl.org On Behalf Of dutchman1
> Sent: Tuesday, 03 November, 2009 15:42

> I'm trying to parse a DER cert that seems to be invalid. I
> can parse it but
> not load it or convert it into a PEM file. Is there a way to
> find out what's
> wrong with the file?
>
> Thanks in advance!
>
> openssl x509 -inform der -in ..\certs\cert1.crt -out ..\
> certs\cert1.pem
<snip error: "too long" in (eventually) X509_NAME_ENTRY>
>
> openssl asn1parse -inform DER -in ..\certs\cert1.crt
> 0:d=0 hl=4 l= 912 cons: SEQUENCE
> 4:d=1 hl=4 l= 632 cons: SEQUENCE
> 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
> 10:d=3 hl=2 l= 1 prim: INTEGER :02
> 13:d=2 hl=2 l= 7 prim: INTEGER :010023ED2E897A
> 22:d=2 hl=2 l= 13 cons: SEQUENCE
> 24:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
> 35:d=3 hl=2 l= 0 prim: NULL
> 37:d=2 hl=2 l= 123 cons: SEQUENCE
> 39:d=3 hl=2 l= 11 cons: SET
> 41:d=4 hl=2 l= 9 cons: SEQUENCE
> 43:d=5 hl=2 l= 3 prim: OBJECT :countryName
> 48:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US
> 52:d=3 hl=2 l= 23 cons: SET
> 54:d=4 hl=2 l= 21 cons: SEQUENCE
> 56:d=5 hl=2 l= 3 prim: OBJECT :description
> Error in encoding
> 5180:error:0D07209B:asn1 encoding routines:ASN1_get_object:too
> long:.\crypto\asn
> 1\asn1_lib.c:142:

No, you couldn't parse it; you got the same error right there.
Dump the file (usually easiest in hex) and look at that point
(the second part of issuer DN). If you don't understand it,
post a readable dump, or the exact file as an attachment.

Usual suspect: was this cert generated on the system where
you are using it, or copied from somewhere else, and if so how
-- FTP, SFTP, rcp, scp, NFS, SMB, HTTP, email, PKCS7/CMS/SMIME, etc. --
and is the original copy usable?
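
The "dump the file and look at that point" step from the reply, as an added Python example (not part of the original thread and not OpenSSL code): a minimal DER walker that reports the decimal offset of the first element whose length overruns its container, with the surrounding bytes in hex. The names `DerError`, `read_header`, `walk` and `first_bad_offset` are hypothetical, and the sample bytes are constructed, not taken from the poster's certificate.

```python
class DerError(Exception):
    """Malformed TLV; .offset is the file offset of its tag byte."""
    def __init__(self, offset, msg):
        super().__init__(f"offset {offset}: {msg}")
        self.offset = offset

def read_header(buf, pos, end):
    """Parse the tag and length at pos; return (tag, content_start, content_len)."""
    if end - pos < 2:
        raise DerError(pos, "truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise DerError(pos, "high-tag-number form not handled in this example")
    body = pos + 2
    if first < 0x80:                      # short form: the byte is the length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or body + n > end:
            raise DerError(pos, "indefinite or truncated length")
        length = int.from_bytes(buf[body:body + n], "big")
        body += n
    if body + length > end:               # the condition asn1parse calls "too long"
        raise DerError(pos, f"too long: l={length} overruns parent by {body + length - end}")
    return tag, body, length

def walk(buf, pos=0, end=None):
    """Depth-first walk of every TLV in buf[pos:end]; raises DerError at the first bad one."""
    end = len(buf) if end is None else end
    while pos < end:
        tag, body, length = read_header(buf, pos, end)
        if tag & 0x20:                    # constructed: children must fit inside it
            walk(buf, body, body + length)
        pos = body + length

def first_bad_offset(buf):
    """Return (offset, message, hex context) for the first malformed TLV, or None."""
    try:
        walk(buf)
    except DerError as e:
        lo = max(0, e.offset - 8)
        return e.offset, str(e), buf[lo:e.offset + 8].hex(" ")
    return None

# Constructed sample (not the poster's file):
# SEQUENCE { SET { SEQUENCE { OID description (2.5.4.13), PrintableString "AB" } } }
GOOD = bytes.fromhex("300d310b3009060355040d13024142")
# Same bytes with one stray 0x0a inserted after the OID; the length fields are unchanged.
BAD = GOOD[:11] + b"\x0a" + GOOD[11:]
```

For a real file, call `first_bad_offset(open(path, "rb").read())`; the offset it returns is decimal and lines up with the left-hand column of `openssl asn1parse` output.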