ssl:无法加载证书 [英] ssl : Unable to load certificate

问题描述

我有2个文件-CSR.csr和newkey.key，它们似乎都是PEM格式，如下所示-

I have 2 files - CSR.csr and newkey.key, both seem to be in PEM format as follows -

-----BEGIN CERTIFICATE REQUEST-----

MIID....

-----END CERTIFICATE REQUEST-----

-----BEGIN RSA PRIVATE KEY-----

MI...

-----END RSA PRIVATE KEY-----

当我尝试读取CSR.csr文件时，出现以下错误:

When I'm trying to read the CSR.csr file, I get the following error :

$ openssl x509 -in CSR.csr -text -noout
unable to load certificate
140518720210760:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:698:Expecting: TRUSTED CERTIFICATE

我了解到，当输入文件为DER格式时，我们会收到此错误，所以我尝试了以下操作-

I read that we get this error when the input file is in DER format, so I tried the following -

$ openssl x509 -inform DER -in CSR.csr -text -noout

但是现在我得到了错误-

but now I get the error -

unable to load certificate
140519053051720:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1320:
140519053051720:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:382:Type=X509

当输入文件已经是PEM格式并且试图以DER格式读取它时，似乎会发生此错误.

And it seems this error occurs when the input file is already in PEM format and one tries to read it in DER format.

由于我是SSL新手，所以真的很困惑如何去做.请帮忙！

Really confused how to go about it as I'm new to SSL. Please help!

推荐答案

问题不是PEM vs. DER，而是您在需要证书的地方使用证书请求. PEM标头-----BEGIN CERTIFICATE REQUEST-----清楚地表明了这一点.

The problem is not PEM vs. DER but that you are using a certificate request in a place where a certificate is expected. This is clearly shown by the PEM header -----BEGIN CERTIFICATE REQUEST-----.

要显示证书请求的内容，请使用

openssl req -in CSR.csr -text

要显示证书的内容，请使用

openssl x509 -in CERT.crt -text

这篇关于ssl:无法加载证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！