Unable to load certificate in openssl
33,336
Is server.pem actually a certificate? Run
grep '^-----.*CERTIFICATE' server.pem
You should see the beginning and ending of the certificate:
server.pem:-----BEGIN CERTIFICATE-----
server.pem:-----END CERTIFICATE-----
If you don't see this output, you are not using a valid certificate.
Also, I note that you are running the following unusual command:
openssl s_server -cert server.pem -www
This command does:
s_server- starts a very basic openssl server-cert server.pem- uses the certificate server.pem-www- "sends a status message back to the client when it connects. This includes lots of information about the ciphers used and various session parameters. The output is in HTML format so this option will normally be used with a web browser."
openssl s_server is generally only used for for debugging. Why are you using openssl s_server? What are you trying to accomplish?
Related videos on Youtube
11 : 04
OpenSSL Step By Step Tutorial | How to Generate Keys, Certificates & CSR Using OpenSSL
01 : 37
Unable to load certificate in OpenSSL
01 : 44
DevOps & SysAdmins: Unable to load certificate in openssl
03 : 05
unable to load SSL certificate from PEM file
02 : 34
HAProxy unable to load SSL certificate from PEM file
Author by
Sahithi
Updated on September 18, 2022Comments
-
Sahithi over 1 year
In Ubuntu when i was trying to execute
openssl s_server -cert server.pem -wwwI get the following messageunable to load certificate 3074300104:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATEPlease help.
-
Stefan Lasiewski over 11 yearsWelcome to Serverfault Sahithi. You will get a better response if you clean up the question a bit. I recommend making the subject more descriptive and something that people can understand.
-
Stefan Lasiewski over 11 yearsAnd state what you are trying to accomplish. Are you really trying to implement a generic SSL/TLS server which listens for connections on a given port using SSL/TLS (From the
s_servermanpage). -
Sahithi over 11 yearsYes Stefan . Am trying to launch the web server using server.pem file which should contain key and certificate. And I Am trying to access the server using the following URL: PKILabServer.com:4433
-
Stefan Lasiewski over 11 yearsMost people use Apache or NGINX to serve SSL content.
openssl s_serveris generally only used for for debugging. Why are you usingopenssl s_server? What are you trying to accomplish?
-
-
Sahithi over 11 yearswhen i ran it ..I got -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----
-
Sahithi over 11 yearsserver.pem contains certficate and key .
-
Stefan Lasiewski over 11 years@Sahithi, as your command output shows, the file does not contain the certificate and key.
server.pemonly contains the key, and thus-certis correct when it saysunable to load certificate. There is no certificate. -
Sahithi over 11 yearsI have two files server.key and server.crt . Itried to put them in a file server.pem using %cp server.key server.pem % cat server.crt >> server.pem
-
Sahithi over 11 yearsI also checked ...grep '^-----' server.crt..But the beginning and ending of the certificate was not displayed. Is there a problem with the certificate?
-
Stefan Lasiewski over 11 yearsProbably. Most PEM certificates contain those lines. But, please doublecheck that you are running the right command. Are you really trying to use
opensslas a server? (see my comment above). -
Sahithi over 11 yearsYes am using Open SSL
