RE: [squid-users] Problems with SSL Cert on squid 2.5STABLE1 from Waitman C. Gobble, II on 2003-01-21 (squid-users)

From: Waitman C. Gobble, II <waitman.mobile@dont-contact.us>
Date: Tue, 21 Jan 2003 21:38:05 -0800

-----Original Message-----
> From: Peter Robinson [mailto:peterr@opensystems.net.au]
> Sent: Tuesday, January 21, 2003 9:20 PM
> To: waitman@emkdesign.com; squid-users@squid-cache.org
> Subject: RE: [squid-users] Problems with SSL Cert on squid 2.5STABLE1
>
>
> When I run the following command I get the following.
>
> [root@www squid]# openssl x509 -noout -text -in intranet.crt
> unable to load certificate
> 23088:error:0D0A2007:asn1 encoding routines:d2i_X509_CINF:expecting
> an asn1
> sequence:x_cinf.c:106:address=135765866 offset=0
> 23088:error:0D09F004:asn1 encoding routines:d2i_X509:nested asn1
> error:x_x509.c:103:address=135765864 offset=2
> 23088:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1
> lib:pem_lib.c:290:

Well, your openssl error suggests that the cert is not in PEM format.
Also, it seems likely that it has nothing to do with Squid...

However I found a couple of interesting articles, it seems that verisign
may send the cert in a pkcs7 wrapper. I haven't bought a verisign cert
before, so I don't have any first hand experience, however you may be
able to do this to get the PEM formatted cert out of the wrapper:

openssl pkcs7 -in intranet.crt -print_certs

Take care,

--
Waitman C. Gobble, II
EMK Design  +1.7145222528 http://emkdesign.com
Public Key            http://pgp.emkdesign.com
Yahoo Messenger ID               waitmangobble

application/x-pkcs7-signature attachment: smime.p7s

Received on Tue Jan 21 2003 - 22:38:20 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:46 MST