使用OpenSSL读取证书文件中的Ruby错误 [英] Ruby Error reading in Certificate File with OpenSSL

问题描述

我正在尝试做一个简单的 OpenSSL::X509::Certificate.new(File.read("testuser.p12")) 来自irb的红宝石1.8.7(或1.9.2)，两者的结果相同.我回来的错误是OpenSSL::X509::CertificateError: nested asn1 error

I am trying to do a simple OpenSSL::X509::Certificate.new(File.read("testuser.p12")) from irb with ruby 1.8.7 (or 1.9.2), same result for both. The error I get back is OpenSSL::X509::CertificateError: nested asn1 error

这是红宝石问题，还是表明证书本身格式错误?我发现一些类似的报告围绕着证明这种错误的亚马逊证书而来，事实证明这是该证书本身.它可以在浏览器中运行.有关如何解决此问题的建议?

Is this a ruby issue, or does this suggest the cert itself is malformed? I've found some similar reports revolving around an amazon cert demonstrating such errors, which turned out to be the cert itself. It works in the browser though. Suggestions on how to resolve this?

推荐答案

"testuser.p12"似乎是PKCS#12文件.将PKCS#12格式读取为X.509证书格式会导致ASN.1解码错误.

"testuser.p12" seems to be a PKCS#12 file according to the postfix. Reading PKCS#12 format as X.509 certificate format causes ASN.1 decoding error.

您应该改为使用OpenSSL::PKCS12.new(File.read("testuser.p12")).如果文件受密码保护(正常)，则将密码作为PKCS12.new的第二个参数，例如OpenSSL::PKCS12.new(File.read("testuser.p12"), "pass")

You should do OpenSSL::PKCS12.new(File.read("testuser.p12")) instead. If the file is protected with passphrase (it's normal), give the passphrase as the second parameter for PKCS12.new like OpenSSL::PKCS12.new(File.read("testuser.p12"), "pass")

您可以通过PKCS12#certificate和PKCS12#ca_certs方法提取证书和CA证书.

You can extract certificate and CA certificates by PKCS12#certificate and PKCS12#ca_certs methods.

p12 = OpenSSL::PKCS12.new(File.read("testuser.p12"), "pass")
p p12.certificate
p p12.ca_certs

这篇关于使用OpenSSL读取证书文件中的Ruby错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！