Reputation: 922
The certificate opens with Ubuntu's certificate viewer and shows the basic attributes but fails a check with openssl:
openssl x509 -in client.pem -text -noout
unable to load certificate
140037204108960:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:303:
140037204108960:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:772:Field=algorithm, Type=X509_ALGOR
140037204108960:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:772:Field=signature, Type=X509_CINF
140037204108960:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:772:Field=cert_info, Type=X509
140037204108960:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:
I think the script is missing some required attributes (algorithm, signature, cert_info?) but I cannot figure out how to add them.
Ok, the answer specifically to this looks like it's because I was not signing the certificate in the script. After adding
cert.sign(ca_key, OpenSSL::Digest::SHA256.new)
I am getting a different error
unable to load certificate
140072361658000:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
Upvotes: 0
Views: 523
Reputation: 922
If anyone sees this in the future, the issue was that I was not signing the cert, just creating it. Adding the following fixed the issue.
cert.sign(ca_key, OpenSSL::Digest::SHA256.new)
Upvotes: 1
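The fix from the answer above, as an added example (not the poster's script, which the page does not show): a certificate built with Ruby's OpenSSL bindings only parses back once `cert.sign` has filled in the signature algorithm and signature. The subject and issuer names, the helper names and the freshly generated keys are constructed for illustration.

```ruby
require "openssl"

# Build a client certificate; all names and keys here are constructed samples.
def build_client_cert(ca_key, sign:)
  client_key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=example-client")
  cert.issuer     = OpenSSL::X509::Name.parse("/CN=example-ca")
  cert.public_key = client_key # only the public half is embedded
  cert.not_before = Time.now
  cert.not_after  = Time.now + 3600
  # Without this call the algorithm and signature fields stay empty,
  # which is what the ASN.1 errors in the question complain about.
  cert.sign(ca_key, OpenSSL::Digest::SHA256.new) if sign
  cert
end

# True only if the encoded certificate can be parsed back, which is the
# same step `openssl x509 -in client.pem -text -noout` has to get through.
def loadable?(cert)
  OpenSSL::X509::Certificate.new(cert.to_der)
  true
rescue OpenSSL::OpenSSLError
  false
end

# Refuse to hand out PEM for a certificate that would not load again.
def pem_for_file(cert)
  raise ArgumentError, "certificate is unsigned or malformed" unless loadable?(cert)
  cert.to_pem # begins with "-----BEGIN CERTIFICATE-----"
end

if __FILE__ == $PROGRAM_NAME
  ca_key = OpenSSL::PKey::RSA.new(2048)
  puts "unsigned loadable: #{loadable?(build_client_cert(ca_key, sign: false))}"
  signed = build_client_cert(ca_key, sign: true)
  puts "signed loadable:   #{loadable?(signed)}"
  puts "verifies with CA:  #{signed.verify(ca_key)}"
end
```

Running a check like `loadable?` before writing the file catches an unsigned certificate in the generating script instead of later at the `openssl x509` command line.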