Score:0

unable to load certificate when convert cer to pem

af flag

I am using this openssl OpenSSL 1.0.2k-fips 26 Jan 2017 command to convert cer to pem:

openssl x509 -inform der -in fullchain.cer -out fullchain.pem

but shows error:

unable to load certificate
140025671485328:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1220:
140025671485328:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:386:Type=X509

why did this happen? what should I do to fix this problem?

Score:1
us flag
Rob

That error is consistent with an input file that is not in the binary DER format.

I suspect that when you actually look at fullchain.cer it will already be in the PEM format (base64 ASCII encoded) and looks a bit like:

-----BEGIN CERTIFICATE-----
...abcd...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...abcd...
-----END CERTIFICATE----
Dolphin avatar
af flag
what should I do with this certificate? just rename it to pem?@Rob what should I do to make this command work?
us flag
Rob
That or use it "as is". (In linux file extensions are more informational and usually don't the define/limit the function of a file.) None of the applications I know really care if I point them at `fullchain.cer` `fullchain.pem` or `fullchain_of_my_cert` or whatever other file name as long as that file has the right content
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.