TheFiddlerWins

Reputation: 922

Certificate created with Ruby SSL is not valid

The certificate opens with Ubuntu's certificate viewer and shows the basic attributes but fails a check with openssl:

openssl x509 -in client.pem -text -noout
unable to load certificate
140037204108960:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:303:
140037204108960:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:772:Field=algorithm, Type=X509_ALGOR
140037204108960:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:772:Field=signature, Type=X509_CINF
140037204108960:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:772:Field=cert_info, Type=X509
140037204108960:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:

I think the script is missing some required attributes (algorithm, signature, cert_info?) but I cannot figure out how to add them.

Ok, the answer specifically to this looks like it's because I was not signing the certificate in the script. After adding

cert.sign(ca_key, OpenSSL::Digest::SHA256.new)

I am getting a different error:

unable to load certificate
140072361658000:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE

Upvotes: 0

Views: 523

Answers (1)

TheFiddlerWins

Reputation: 922

If anyone sees this in the future, the issue was that I was not signing the cert, just creating it. Adding the following fixed the issue.

cert.sign(ca_key, OpenSSL::Digest::SHA256.new)

Upvotes: 1
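
Added example, not part of the original post: a self-contained check that contrasts a certificate built without `cert.sign` against one that is signed, by round-tripping each through PEM and verifying the signature. The subject name, the throwaway RSA key and the helper names `build_cert` and `loadable_and_signed?` are assumptions made for illustration; the certificate is self-issued to keep the example short.

```ruby
require 'openssl'

# Hypothetical helper: builds a minimal certificate. All values are constructed
# sample data; the subject is a placeholder and the cert is self-issued.
def build_cert(ca_key, sign:)
  name = OpenSSL::X509::Name.parse('/CN=example-client')
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                      # X.509 v3
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name
  cert.public_key = ca_key.public_key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 3600
  # Without this call the signatureAlgorithm and signature fields are never
  # filled in, so the encoded certificate is not a valid X.509 structure.
  cert.sign(ca_key, OpenSSL::Digest::SHA256.new) if sign
  cert
end

# Hypothetical helper: true only if the certificate serialises to PEM, parses
# back from that PEM, and its signature verifies against the given key.
def loadable_and_signed?(cert, key)
  pem = cert.to_pem
  OpenSSL::X509::Certificate.new(pem).verify(key)
rescue OpenSSL::OpenSSLError
  # Raised when the certificate cannot be encoded or decoded (ASN.1 errors).
  false
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)       # throwaway key for the demo
  puts "signed:   #{loadable_and_signed?(build_cert(key, sign: true), key)}"
  puts "unsigned: #{loadable_and_signed?(build_cert(key, sign: false), key)}"
end
```

Running the same check before writing `client.pem` to disk catches an unsigned or wrongly signed certificate in the generating script rather than later at the `openssl x509` step.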
