在 Ruby 上获取 OpenSSL::X509::CertificateError 嵌套 asn1 错误 [英] Getting OpenSSL::X509::CertificateError nested asn1 error on Ruby

问题描述

我有来自 Apple 的 .p12 文件，并尝试使用以下命令将其转换为 .pem 文件:

I have .p12 file from Apple and tried to convert it to .pem file with following command:

openssl pkcs12 -in cert.p12 -out apple_push_notification_development.pem -nodes -clcerts

尝试使用

OpenSSL::X509::Certificate.new(File.read('apple_push_notification_development.pem'))

我收到以下错误:

OpenSSL::X509::CertificateError: nested asn1 error
    from (irb):9:in `initialize'
    from (irb):9:in `new'
    ...

我做错了吗?卡住了，求帮助.谢谢

Did I do something wrong ? Being stuck, please help. Thanks

推荐答案

感谢这与您的场景不完全相同，但我试图在我的实例中读取 PEM 文件 (PKCS7).OpenSSL CLI 可以很好地解码它，但是 ruby​​ 一直抛出与我尝试将其加载到对象中时描述的相同的嵌套 asn1 错误.

Appreciate it's not your exact same scenario, but I was attempting to read in a PEM file (PKCS7) in my instance. OpenSSL CLI would decode it fine, but ruby kept throwing the same nested asn1 error that you describe when I tried to load it into an object.

就我而言，它需要一个新行，即 PEM 文件末尾的\n"才能接受它.

In my case it needed a new line i.e. '\n' at the end of the PEM file for it to accept it.

只有当我创建一个空对象并将生成的 PEM 输出与我尝试加载的文件进行比较时，我才解决了这个问题.

I worked it out only when I created an empty object and compared the generated PEM output to the file I was trying to load.

因此，可以尝试使用 X509 证书:

So with a X509 cert maybe try:

cert = OpenSSL::X509::Certificate.new
cert.to_pem
=> "-----BEGIN CERTIFICATE-----\nMCUwGwIAMAMGAQAwADAEHwAfADAAMAgwAwYBAAMBADADBgEAAwEA\n-----END CERTIFICATE-----\n"

并将其与您的 PEM 文件进行比较

And compare it to your PEM file

如您所见，它以新行结尾，而我尝试导入的文件中缺少该行.

As you can see it's terminated with a new line and that was missing in the file that I was trying to import.

这篇关于在 Ruby 上获取 OpenSSL::X509::CertificateError 嵌套 asn1 错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！