How can I find out the type of an SSL certificate?
Solution 1
Try to import that certificate to some NSS store. For example to Firefox, which is using NSS. It's other implementation of SSL (in fact the 1st one) and you can see attributes of certificate... of course if you succeed with import. Otherwise you got some wrong certificate.
Solution 2
be sure you have NO FINAL CARRIAGERETURN after the last dash on the last line:
AAAxAAAAAAAAAA==
-----END CERTIFICATE-----
and not
AAAxAAAAAAAAAA==
-----END CERTIFICATE-----
.
( please ignore the dot :)
Solution 3
Be sure to include the
. -------BEGIN------
and
. ----END----
parts exactly as they were sent to you.
also note that the begin should be the first line and end the last. There should be no surrounding white space. And finally... If you are dealing with a windows machine in the mix somewhere there is a chance that the newline (\n) had a (\r) added by the windows system. A hex editor is likely the quickest way to check for that.
Related videos on Youtube
Samuel Rossille
Updated on September 18, 2022Comments
-
Samuel Rossille over 1 year
I received by email from my certification authority a certificate that begins like that:
-----BEGIN CERTIFICATE----- MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCBWMwggRLoAMC
and ends like this:
14lWAyMfs77oOghZtOxFNfeKW/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3/ AAAxAAAAAAAAAA== -----END CERTIFICATE-----
I received it by email, and I copy / pasted the certificate part in a test.cer file (I quadruple - checked that I copy / pasted exactly the right part)
When I try to use it in Apache 2, I have the following error:
[Mon Sep 30 23:15:36.754820 2013] [ssl:emerg] [pid 7544:tid 444] AH02241: Init: Unable to read server certificate from file C:/projects/test-ssl/test.cer [Mon Sep 30 23:15:36.754820 2013] [ssl:emerg] [pid 7544:tid 444] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Mon Sep 30 23:15:36.754820 2013] [ssl:emerg] [pid 7544:tid 444] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=X509) [Mon Sep 30 23:15:36.754820 2013] [ssl:emerg] [pid 7544:tid 444] AH02312: Fatal error initialising mod_ssl, exiting.
After a little research, I found out that the cause could be that the certificate is corrupt, so in order to check it, I tested it with
C:\Apache24\bin\openssl.exe x509 -in test.cer -text
and I get a similar error:
unable to load certificate 8100:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1319: 8100:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:381:Type=X509_CINF 8100:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:.\crypto\asn1\tasn_dec.c:751:Field=cert_info, Type=X509 8100:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:.\crypto\pem\pem_oth.c:83:
I'm not an expert in SSL but I doubt the certification authority (Symantec) send me a corrupt certificate.
Any idea what could be wrong with this certificate ? Could it be in a different format that I'm not aware of?
-
David Schwartz over 10 yearsAdd
-inform PEM
to your command. Make sure you leave in theBEGIN
andEND
lines.
-