RE: [squid-users] Problems with SSL Cert on squid 2.5STABLE1 from Peter Robinson on 2003-01-21 (squid-users)

From: Peter Robinson <peterr@dont-contact.us>
Date: Wed, 22 Jan 2003 13:20:03 +0800

When I run the following command I get the following.

[root@www squid]# openssl x509 -noout -text -in intranet.crt
unable to load certificate
23088:error:0D0A2007:asn1 encoding routines:d2i_X509_CINF:expecting an asn1
sequence:x_cinf.c:106:address=135765866 offset=0
23088:error:0D09F004:asn1 encoding routines:d2i_X509:nested asn1
error:x_x509.c:103:address=135765864 offset=2
23088:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:290:

But the key appears ok and the key was used to generate the csr, anu ideas?

Peter

> Perhaps the larger size is how verisign adds value and
> therefore fetches
> such a large fee.
>
> But seriously, do you get any errors using openssl to see the
> details of
> the cert?
>
>
>
> --
> Waitman C. Gobble, II
> EMK Design +1.7145222528 http://emkdesign.com
> Public Key http://pgp.emkdesign.com
> Yahoo Messenger ID waitmangobble
>
> -----Original Message-----
> From: Peter Robinson [mailto:peterr@opensystems.net.au]
> Sent: Tuesday, January 21, 2003 7:06 PM
> To: waitman@emkdesign.com; squid-users@squid-cache.org
> Subject: RE: [squid-users] Problems with SSL Cert on squid 2.5STABLE1
>
> > > Hi All,
> > >
> > > I'm having a problems with a SSL Certificate on 2.5.STABLE1 I have
> > > previously had a test cert that has been working fine, we then
> > generated
> > > a key and CSR to get a real cert and I'm now having
> > problems with it.
> > >
> > > 2003/01/22 10:26:46| Initialising SSL.
> > > 2003/01/22 10:26:46| Using certificate in /etc/squid/intranet.crt
> > > FATAL: Failed to acquire SSL certificate:
> > error:0D0A2007:asn1 encoding
> > > routines:d2i_X509_CINF:expecting an asn1 sequence
> >
> >
> > Are you sure the crt file is correct?
> >
> > How did you create the file? Using vim? Open a console, type
> >
> > vi intranet.crt
> >
> > If you see any weird characters in there, like ^M, that is
> likely the
> > problem.
>
> Thanks for your response. I created the file by using vi and ppasting
> the
> cert from the email into vi, there aren't any ^Ms as the file
> is in unix
> format. The certificate seems to be longer than the other certificates
> that
> i have on the server 50 lines as opposed to 15 - 30 for the
> other certs.
>
> Regards
> Peter
>
>
>
Received on Tue Jan 21 2003 - 22:14:35 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:46 MST