Re: [squid-users] Problems with SSL Cert on squid 2.5STABLE1

Have you tried your CA support department asking how to make use of
their issued certificate with an OpenSSL compatible server?

The procedures for Squid certificate issuing/request is the same as for
most other OpenSSL based https:// servers such as Apache mod_ssl and
many others.

Regards
Henrik

Peter Robinson wrote:
>
> When I run the following command I get the following.
>
> [root@www squid]# openssl x509 -noout -text -in intranet.crt
> unable to load certificate
> 23088:error:0D0A2007:asn1 encoding routines:d2i_X509_CINF:expecting an asn1
> sequence:x_cinf.c:106:address=135765866 offset=0
> 23088:error:0D09F004:asn1 encoding routines:d2i_X509:nested asn1
> error:x_x509.c:103:address=135765864 offset=2
> 23088:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:290:
>
> But the key appears ok and the key was used to generate the csr, anu ideas?
>
> Peter
>
> > Perhaps the larger size is how verisign adds value and
> > therefore fetches
> > such a large fee.
> >
> > But seriously, do you get any errors using openssl to see the
> > details of
> > the cert?
> >
> >
> >
> > --
> > Waitman C. Gobble, II
> > EMK Design +1.7145222528 http://emkdesign.com
> > Public Key http://pgp.emkdesign.com
> > Yahoo Messenger ID waitmangobble
> >
> > -----Original Message-----
> > From: Peter Robinson [mailto:peterr@opensystems.net.au]
> > Sent: Tuesday, January 21, 2003 7:06 PM
> > To: waitman@emkdesign.com; squid-users@squid-cache.org
> > Subject: RE: [squid-users] Problems with SSL Cert on squid 2.5STABLE1
> >
> > > > Hi All,
> > > >
> > > > I'm having a problems with a SSL Certificate on 2.5.STABLE1 I have
> > > > previously had a test cert that has been working fine, we then
> > > generated
> > > > a key and CSR to get a real cert and I'm now having
> > > problems with it.
> > > >
> > > > 2003/01/22 10:26:46| Initialising SSL.
> > > > 2003/01/22 10:26:46| Using certificate in /etc/squid/intranet.crt
> > > > FATAL: Failed to acquire SSL certificate:
> > > error:0D0A2007:asn1 encoding
> > > > routines:d2i_X509_CINF:expecting an asn1 sequence
> > >
> > >
> > > Are you sure the crt file is correct?
> > >
> > > How did you create the file? Using vim? Open a console, type
> > >
> > > vi intranet.crt
> > >
> > > If you see any weird characters in there, like ^M, that is
> > likely the
> > > problem.
> >
> > Thanks for your response. I created the file by using vi and ppasting
> > the
> > cert from the email into vi, there aren't any ^Ms as the file
> > is in unix
> > format. The certificate seems to be longer than the other certificates
> > that
> > i have on the server 50 lines as opposed to 15 - 30 for the
> > other certs.
> >
> > Regards
> > Peter
> >
> >
> >
Received on Fri Jan 24 2003 - 02:40:44 MST