From: [EMAIL PROTECTED] On Behalf Of Alan Arthur Sent: Friday, 03 October, 2008 13:54
I'm trying to convert a .cer to a .pem by using the following command at command line. openssl x509 -in verisignintermediatecert.cer -inform d -out speedscript_new.pem When running this command I get the following output: unable to load certificate 15369:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:947: 15369:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=X509 Any ideas on what I could be doing wrong? Your file isn't (just) a DER-encoded certificate. Could it have been damaged in transmission? Or some data added, or deleted? How did you get it? HTTP? FTP +mode? email attachment +mediatype/encoding? cut&paste? Can you check the filesize (in bytes) matches the source? If e.g. MD5 of them match? Do you know it is valid at the source? Is it in current use there? Could it have been mistakenly overwritten or modified somehow? Was it newly-generated (especially it it's a cert for you) or pre-existing? To check it's at least valid DER-encoded SOMETHING try: openssl asn1parse -in yourfile -inform der Could it be a PKCS7 'carrier' CONTAINING the cert? (That's not the same thing as the cert itself. In PEM the dashed header line indicates which is which, but DER doesn't have that.) Or even a PKCS12 'bag', although that would be an odd choice for JUST a cert.
