Stuggi
Reputation: 215
OpenSSL: Unable to Load Certificate
Problem
OpenSSL complains that it can't load a certificate
Example:
openssl x509 -in certificate.crt -text -noout
unable to load certificate
Upvotes: 1
Views: 14930
Answers (1)
Stuggi
Reputation: 215
The issue is that OpenSSL for some reason can't parse a certificate if there are extra new lines in the certificate file, even though some other implementations can do it just fine. Check that your certificate looks like this:
-----BEGIN CERTIFICATE-----
RmluZCBhIGhvYmJ5IGZvciBHb2QncyBzYWtlLiBEaWQgeW91IHRoaW5rIEkgd291bGQgcHV0IGEgcmVhbCBjZXJ0aWZpY2F0ZSBoZXJlPyAKCkxvcmVtIGlwc3VtIGRvbG9yIHNpdCBhbWV0LCBjb25zZWN0ZXR1ciBhZGlwaXNjaW5nIGVsaXQuIFF1aXNxdWUgbGFvcmVldCBzZWQgbnVuYyBpZCBmYXVjaWJ1cy4gUGVsbGVudGVzcXVlIHByZXRpdW0sIHR1cnBpcyBuZWMgbW9sbGlzIGVsZWlmZW5kLCBsaWJlcm8gZXN0IGV1aXNtb2QganVzdG8sIGVnZXQgdGluY2lkdW50IGxpYmVybyBudWxsYSBhIGxvcmVtLiBEdWlzIG1hbGVzdWFkYSB0dXJwaXMgdXQgbW9sbGlzIGdyYXZpZGEuIEN1cmFiaXR1ciBhYyBuZXF1ZSBlbmltLiBWaXZhbXVzIGZldWdpYXQgZXJvcyBub24gbmliaCBjb25ndWUgc2VtcGVyIGVnZXQgaWQgZXJvcy4gUGhhc2VsbHVzIGlkIG51bmMgbmVjIG1ldHVzIHZpdmVycmEgZWZmaWNpdHVyLiBNYXVyaXMgc2VkIGVsaXQgZmluaWJ1cywgdmVoaWN1bGEgbmlzaSBpZCwgY29tbW9kbyBsaWd1bGEuIEludGVnZXIgc2FnaXR0aXMgbmVxdWUgdmVsIHRvcnRvciBmZXVnaWF0LCBhIGFjY3Vtc2FuIGVyb3MgZGFwaWJ1cy4gU2VkIGF1Z3VlIG1hZ25hLCBjb25zZWN0ZXR1ciBhYyBqdXN0byBpbiwgdHJpc3RpcXVlIGN1cnN1cyBuZXF1ZS4gTmFtIHZlc3RpYnVsdW0gYWMgbGFjdXMgcXVpcyBvcm5hcmUuIEFlbmVhbiBhYyBiaWJlbmR1bSBuaXNsLiBBbGlxdWFtIG9kaW8gbGVvLCBwb3J0YSB1dCBzb2RhbGVzIHNpdCBhbWV0LCBoZW5kcmVyaXQgdmVsIG5pYmguIFByb2luIGlhY3VsaXMgZGljdHVtIHVybmEgZWdldCB0ZW1wdXMuCgpRdWlzcXVlIHNlZCB2ZWhpY3VsYSBhbnRlLiBRdWlzcXVlIHV0IGxpYmVybyBtYXhpbXVzIGVuaW0gc2NlbGVyaXNxdWUgdGVtcG9yIHNlZCBzZWQgdmVsaXQuIFF1aXNxdWUgbmlzbCB2ZWxpdCwgdGluY2lkdW50IHNlZCBsb3JlbSBpZCwgY29tbW9kbyB2b2x1dHBhdCBlc3QuIE51bmMgYXQgZW5pbSBmZXVnaWF0LCBjb25zZXF1YXQgbG9yZW0gYWMsIHJ1dHJ1bSBkdWkuIE1hZWNlbmFzIHRyaXN0aXF1ZSBwbGFjZXJhdCBwdXJ1cyBldSBzb2xsaWNpdHVkaW4uIExvcmVtIGlwc3VtIGRvbG9yIHNpdCBhbWV0LCBjb25zZWN0ZXR1ciBhZGlwaXNjaW5nIGVsaXQuIERvbmVjIG5vbiBjdXJzdXMgZXN0LCBuZWMgY29udmFsbGlzIGVyYXQuIFBoYXNlbGx1cyBldCBibGFuZGl0IGxlbywgdmVsIGNvbnNlY3RldHVyIGR1aS4gRnVzY2UgdHJpc3RpcXVlLCBuaXNsIGEgdmVoaWN1bGEgZnJpbmdpbGxhLCBmZWxpcyBkaWFtIHZlbmVuYXRpcyBlc3QsIGEgbHVjdHVzIGZlbGlzIGVsaXQgYXQgc2FwaWVuLiBFdGlhbSBpbXBlcmRpZXQgaW4gYXVndWUgaWQgaWFjdWxpcy4gQ3VyYWJpdHVyIGlhY3VsaXMgbmlzaSBtYWduYSwgZXUgY29tbW9kbyBsZWN0dXMgYmxhbmRpdCBhdC4gRG9uZWMgcG9ydGEgbGVvIHNlZCBtYWduYSBzdXNjaXBpdCwgdXQgZWdlc3RhcyBlbGl0IGFjY3Vtc2FuLiBQcmFlc2VudCBhbGlxdWFtIG1ldHVzIGluIG1hdXJpcyBhbGlxdWFtLCBhIHRpbmNpZHVudCBlbmltIGZpbmlidXMuIENyYXMgZWxlbWVudHVtIGF1Y3RvciBtaSBzaXQgYW1ldCB2aXZlcnJhLiBBbGlxdWFtIGNvbmd1ZSBzZW1wZXIganVzdG8gdmVsIG9ybmFyZS4gUHJvaW4gdmVzdGlidWx1bSBzYXBpZW4gaW4gZmF1Y2lidXMgbHVjdHVzLgoKVXQgY29uc2VxdWF0IGxhY3VzIGF0IHZlbGl0IHZhcml1cyBvcm5hcmUuIE51bmMgZHVpIHNlbSwgZmV1Z2lhdCBpbiB0aW5jaWR1bnQgdmVsLCB0ZW1wb3IgcXVpcyBtaS4gQ3JhcyBldCBldWlzbW9kIGVyYXQuIFBoYXNlbGx1cyBldSBleCBwb3J0YSwgb3JuYXJlIGlwc3VtIGF0LCBsYWNpbmlhIGxpZ3VsYS4gQWxpcXVhbSBkaWFtIGxlbywgY29uZ3VlIHZlbmVuYXRpcyBvZGlvIGlkLCBhdWN0b3IgZWdlc3RhcyBlbGl0LiBNYWVjZW5hcyB2b2x1dHBhdCBmZXVnaWF0IHZlbGl0LCBlZ2V0IGNvbnNlcXVhdCBtYXNzYSBwb3J0dGl0b3IgYXQuIFV0IGVsZW1lbnR1bSBsYWNpbmlhIHNhcGllbiBpZCBjb252YWxsaXMuIEN1cmFiaXR1ciBtYWxlc3VhZGEgdGVtcHVzIG51bmMuIFByb2luIGVnZXQgbmlzaSB2ZWwgdHVycGlzIHNvZGFsZXMgcHVsdmluYXIgZWdldCBpZCBhdWd1ZS4gRG9uZWMgYWMgc2FwaWVuIGRhcGlidXMsIGVsZWlmZW5kIGxlbyB2aXRhZSwgdGluY2lkdW50IGVyYXQuCgpNYXVyaXMgcXVpcyBtYXNzYSBsb3JlbS4gU3VzcGVuZGlzc2UgcG90ZW50aS4gTWF1cmlzIHZlc3RpYnVsdW0gdG9ydG9yIGFjIG5pc2wgYmxhbmRpdCBjb25ndWUuIERvbmVjIHZpdmVycmEgdmVzdGlidWx1bSBxdWFtIGV1IGxvYm9ydGlzLiBWaXZhbXVzIHV0IHRlbXBvciBzYXBpZW4uIE5hbSBmcmluZ2lsbGEgcGVsbGVudGVzcXVlIGFyY3Ugbm9uIHJob25jdXMuIEFsaXF1YW0gdGluY2lkdW50LCB2ZWxpdCB2b2x1dHBhdCB0aW5jaWR1bnQgc3VzY2lwaXQsIGVyYXQgYW50ZSBydXRydW0gbWFnbmEsIGEgYmxhbmRpdCBqdXN0byBudWxsYSB1dCBhcmN1LiBTZWQgYSBlbGVtZW50dW0gdG9ydG9yLiBQZWxsZW50ZXNxdWUgY29uZGltZW50dW0gc2FwaWVuIGluIHNhcGllbiBzY2VsZXJpc3F1ZSwgbm9uIGZlcm1lbnR1bSBuaWJoIHJ1dHJ1bS4gUHJhZXNlbnQgc2NlbGVyaXNxdWUgZmVsaXMgbmliaCwgaWQgZmluaWJ1cyBzYXBpZW4gcHVsdmluYXIgYWMuCgpTdXNwZW5kaXNzZSBwb3RlbnRpLiBOdWxsYW0gYWMganVzdG8gdXQgbmliaCB2YXJpdXMgbWF0dGlzLiBOdWxsYSBwdWx2aW5hciwgbWFzc2EgY29uc2VxdWF0IGxhY2luaWEgZGFwaWJ1cywgbmlzaSB0dXJwaXMgcG9ydHRpdG9yIGFudGUsIGEgdnVscHV0YXRlIG5pc2kgbGVjdHVzIGluIG51bGxhLiBEb25lYyBmYXVjaWJ1cyB0b3J0b3Igdml0YWUgbGliZXJvIGNvbnNlcXVhdCBjb25zZXF1YXQuIERvbmVjIG5lYyBtYWduYSBldSBsYWN1cyBldWlzbW9kIGNvbnNlcXVhdC4gVmVzdGlidWx1bSBtb2xsaXMsIHRvcnRvciBzaXQgYW1ldCBydXRydW0gbWF4aW11cywgbWFnbmEgZHVpIHVsdHJpY2llcyBmZWxpcywgcXVpcyBkaWduaXNzaW0gYXVndWUgbGFjdXMgcXVpcyBsb3JlbS4gTWFlY2VuYXMgc29kYWxlcyBzZWQu
-----END CERTIFICATE-----
And not like this:
-----BEGIN CERTIFICATE-----
RmluZCBhIGhvYmJ5IGZvciBHb2QncyBzYWtlLiBEaWQgeW91IHRoaW5rIEkgd291bGQgcHV0IGEgcmVhbCBjZXJ0aWZpY2F0ZSBoZXJlPyAKCkxvcmVtIGlwc3VtIGRvbG9yIHNpdCBhbWV0LCBjb25zZWN0ZXR1ciBhZGlwaXNjaW5nIGVsaXQuIFF1aXNxdWUgbGFvcmVldCBzZWQgbnVuYyBpZCBmYXVjaWJ1cy4gUGVsbGVudGVzcXVlIHByZXRpdW0sIHR1cnBpcyBuZWMgbW9sbGlzIGVsZWlmZW5kLCBsaWJlcm8gZXN0IGV1aXNtb2QganVzdG8sIGVnZXQgdGluY2lkdW50IGxpYmVybyBudWxsYSBhIGxvcmVtLiBEdWlzIG1hbGVzdWFkYSB0dXJwaXMgdXQgbW9sbGlzIGdyYXZpZGEuIEN1cmFiaXR1ciBhYyBuZXF1ZSBlbmltLiBWaXZhbXVzIGZldWdpYXQgZXJvcyBub24gbmliaCBjb25ndWUgc2VtcGVyIGVnZXQgaWQgZXJvcy4gUGhhc2VsbHVzIGlkIG51bmMgbmVjIG1ldHVzIHZpdmVycmEgZWZmaWNpdHVyLiBNYXVyaXMgc2VkIGVsaXQgZmluaWJ1cywgdmVoaWN1bGEgbmlzaSBpZCwgY29tbW9kbyBsaWd1bGEuIEludGVnZXIgc2FnaXR0aXMgbmVxdWUgdmVsIHRvcnRvciBmZXVnaWF0LCBhIGFjY3Vtc2FuIGVyb3MgZGFwaWJ1cy4gU2VkIGF1Z3VlIG1hZ25hLCBjb25zZWN0ZXR1ciBhYyBqdXN0byBpbiwgdHJpc3RpcXVlIGN1cnN1cyBuZXF1ZS4gTmFtIHZlc3RpYnVsdW0gYWMgbGFjdXMgcXVpcyBvcm5hcmUuIEFlbmVhbiBhYyBiaWJlbmR1bSBuaXNsLiBBbGlxdWFtIG9kaW8gbGVvLCBwb3J0YSB1dCBzb2RhbGVzIHNpdCBhbWV0LCBoZW5kcmVyaXQgdmVsIG5pYmguIFByb2luIGlhY3VsaXMgZGljdHVtIHVybmEgZWdldCB0ZW1wdXMuCgpRdWlzcXVlIHNlZCB2ZWhpY3VsYSBhbnRlLiBRdWlzcXVlIHV0IGxpYmVybyBtYXhpbXVzIGVuaW0gc2NlbGVyaXNxdWUgdGVtcG9yIHNlZCBzZWQgdmVsaXQuIFF1aXNxdWUgbmlzbCB2ZWxpdCwgdGluY2lkdW50IHNlZCBsb3JlbSBpZCwgY29tbW9kbyB2b2x1dHBhdCBlc3QuIE51bmMgYXQgZW5pbSBmZXVnaWF0LCBjb25zZXF1YXQgbG9yZW0gYWMsIHJ1dHJ1bSBkdWkuIE1hZWNlbmFzIHRyaXN0aXF1ZSBwbGFjZXJhdCBwdXJ1cyBldSBzb2xsaWNpdHVkaW4uIExvcmVtIGlwc3VtIGRvbG9yIHNpdCBhbWV0LCBjb25zZWN0ZXR1ciBhZGlwaXNjaW5nIGVsaXQuIERvbmVjIG5vbiBjdXJzdXMgZXN0LCBuZWMgY29udmFsbGlzIGVyYXQuIFBoYXNlbGx1cyBldCBibGFuZGl0IGxlbywgdmVsIGNvbnNlY3RldHVyIGR1aS4gRnVzY2UgdHJpc3RpcXVlLCBuaXNsIGEgdmVoaWN1bGEgZnJpbmdpbGxhLCBmZWxpcyBkaWFtIHZlbmVuYXRpcyBlc3QsIGEgbHVjdHVzIGZlbGlzIGVsaXQgYXQgc2FwaWVuLiBFdGlhbSBpbXBlcmRpZXQgaW4gYXVndWUgaWQgaWFjdWxpcy4gQ3VyYWJpdHVyIGlhY3VsaXMgbmlzaSBtYWduYSwgZXUgY29tbW9kbyBsZWN0dXMgYmxhbmRpdCBhdC4gRG9uZWMgcG9ydGEgbGVvIHNlZCBtYWduYSBzdXNjaXBpdCwgdXQgZWdlc3RhcyBlbGl0IGFjY3Vtc2FuLiBQcmFlc2VudCBhbGlxdWFtIG1ldHVzIGluIG1hdXJpcyBhbGlxdWFtLCBhIHRpbmNpZHVudCBlbmltIGZpbmlidXMuIENyYXMgZWxlbWVudHVtIGF1Y3RvciBtaSBzaXQgYW1ldCB2aXZlcnJhLiBBbGlxdWFtIGNvbmd1ZSBzZW1wZXIganVzdG8gdmVsIG9ybmFyZS4gUHJvaW4gdmVzdGlidWx1bSBzYXBpZW4gaW4gZmF1Y2lidXMgbHVjdHVzLgoKVXQgY29uc2VxdWF0IGxhY3VzIGF0IHZlbGl0IHZhcml1cyBvcm5hcmUuIE51bmMgZHVpIHNlbSwgZmV1Z2lhdCBpbiB0aW5jaWR1bnQgdmVsLCB0ZW1wb3IgcXVpcyBtaS4gQ3JhcyBldCBldWlzbW9kIGVyYXQuIFBoYXNlbGx1cyBldSBleCBwb3J0YSwgb3JuYXJlIGlwc3VtIGF0LCBsYWNpbmlhIGxpZ3VsYS4gQWxpcXVhbSBkaWFtIGxlbywgY29uZ3VlIHZlbmVuYXRpcyBvZGlvIGlkLCBhdWN0b3IgZWdlc3RhcyBlbGl0LiBNYWVjZW5hcyB2b2x1dHBhdCBmZXVnaWF0IHZlbGl0LCBlZ2V0IGNvbnNlcXVhdCBtYXNzYSBwb3J0dGl0b3IgYXQuIFV0IGVsZW1lbnR1bSBsYWNpbmlhIHNhcGllbiBpZCBjb252YWxsaXMuIEN1cmFiaXR1ciBtYWxlc3VhZGEgdGVtcHVzIG51bmMuIFByb2luIGVnZXQgbmlzaSB2ZWwgdHVycGlzIHNvZGFsZXMgcHVsdmluYXIgZWdldCBpZCBhdWd1ZS4gRG9uZWMgYWMgc2FwaWVuIGRhcGlidXMsIGVsZWlmZW5kIGxlbyB2aXRhZSwgdGluY2lkdW50IGVyYXQuCgpNYXVyaXMgcXVpcyBtYXNzYSBsb3JlbS4gU3VzcGVuZGlzc2UgcG90ZW50aS4gTWF1cmlzIHZlc3RpYnVsdW0gdG9ydG9yIGFjIG5pc2wgYmxhbmRpdCBjb25ndWUuIERvbmVjIHZpdmVycmEgdmVzdGlidWx1bSBxdWFtIGV1IGxvYm9ydGlzLiBWaXZhbXVzIHV0IHRlbXBvciBzYXBpZW4uIE5hbSBmcmluZ2lsbGEgcGVsbGVudGVzcXVlIGFyY3Ugbm9uIHJob25jdXMuIEFsaXF1YW0gdGluY2lkdW50LCB2ZWxpdCB2b2x1dHBhdCB0aW5jaWR1bnQgc3VzY2lwaXQsIGVyYXQgYW50ZSBydXRydW0gbWFnbmEsIGEgYmxhbmRpdCBqdXN0byBudWxsYSB1dCBhcmN1LiBTZWQgYSBlbGVtZW50dW0gdG9ydG9yLiBQZWxsZW50ZXNxdWUgY29uZGltZW50dW0gc2FwaWVuIGluIHNhcGllbiBzY2VsZXJpc3F1ZSwgbm9uIGZlcm1lbnR1bSBuaWJoIHJ1dHJ1bS4gUHJhZXNlbnQgc2NlbGVyaXNxdWUgZmVsaXMgbmliaCwgaWQgZmluaWJ1cyBzYXBpZW4gcHVsdmluYXIgYWMuCgpTdXNwZW5kaXNzZSBwb3RlbnRpLiBOdWxsYW0gYWMganVzdG8gdXQgbmliaCB2YXJpdXMgbWF0dGlzLiBOdWxsYSBwdWx2aW5hciwgbWFzc2EgY29uc2VxdWF0IGxhY2luaWEgZGFwaWJ1cywgbmlzaSB0dXJwaXMgcG9ydHRpdG9yIGFudGUsIGEgdnVscHV0YXRlIG5pc2kgbGVjdHVzIGluIG51bGxhLiBEb25lYyBmYXVjaWJ1cyB0b3J0b3Igdml0YWUgbGliZXJvIGNvbnNlcXVhdCBjb25zZXF1YXQuIERvbmVjIG5lYyBtYWduYSBldSBsYWN1cyBldWlzbW9kIGNvbnNlcXVhdC4gVmVzdGlidWx1bSBtb2xsaXMsIHRvcnRvciBzaXQgYW1ldCBydXRydW0gbWF4aW11cywgbWFnbmEgZHVpIHVsdHJpY2llcyBmZWxpcywgcXVpcyBkaWduaXNzaW0gYXVndWUgbGFjdXMgcXVpcyBsb3JlbS4gTWFlY2VuYXMgc29kYWxlcyBzZWQu
-----END CERTIFICATE-----
Another problem might be that your certificate isn't PEM encoded, but instead DER encoded.
In this case, if you open the certificate file in Notepad for example, you will just see a lot of random characters instead of the -----BEGIN CERTIFICATE-----
Upvotes: 1
Related Questions
- ssl : Unable to load certificate
- Php Openssl not loading why?
- openssl Unable to load private key PEM_do_header:bad decrypt
- Failing to load engine in Openssl
- Error creating an SSL Certificate
- unable to load certificate 6300:error:0906D06C:PEM routines:PEM_read_bio:no start line
- OpenSSL error: unable to verify the first certificate
- Openssl certificate request failed
- getting an error while generating ssl certificates
- OpenSSL certificate error