Hi, folks. I hope this is an easy question. I've searched the -users archive and also on google and found a couple of similar reports, but no cogent answers.
I just renewed my web server's Verisign Secure Server certificate (our 3rd year with them). The certificate they sent me this year is slightly larger than previously (1229 bytes rather than 912), and can't be loaded. When I try to inspect it with openssl x509 -text, I get this error message: unable to load certificate 11366:error:0D0A0007:asn1 encoding routines:d2i_X509_ALGOR:expecting an asn1 sequence:x_algor.c:85:address=1539371 offset=0 11366:error:0D09F004:asn1 encoding routines:d2i_X509:nested asn1 error:x_x509.c:104:address=1538600 offset=771 11366:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:290: Verisign tech support basically told me it was my problem to tell them what was wrong with the cert (!). I've doublechecked the original CSR and it was OK. Does this problem look familiar to anyone? tia/jbc -------- John Chambers Dept of Computer Sciences (MS C0500), Taylor Hall 2.124 The University of Texas at Austin, Austin TX 78712-1188 (me) 512.471.9593 (CS) 512.471.7316 (fax#) 512.471.8885 [EMAIL PROTECTED] http://www.cs.utexas.edu/users/jbc/ Script started on Sat Jan 19 11:26:39 2002 sh-2.05$ ls -l total 4 -rw------- 1 jbc dept 912 Jan 19 11:11 2000.crt -rw------- 1 jbc dept 912 Jan 19 11:11 2001.crt -rw------- 1 jbc dept 1229 Jan 19 11:11 2002.crt sh-2.05$ ../openssl OpenSSL> version OpenSSL 0.9.6c 21 dec 2001 OpenSSL> x509 -noout -text -in 2000.crt Certificate: Data: Version: 1 (0x0) Serial Number: 0e:0d:63:4e:66:cb:18:72:63:d7:91:93:c1:5c:10:59 Signature Algorithm: md5WithRSAEncryption Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority Validity Not Before: Feb 16 00:00:00 2000 GMT Not After : Feb 15 23:59:59 2001 GMT Subject: C=US, ST=Texas, L=Austin, O=University of Texas at Austin, OU=Department of Computer Science, CN=www.cs.utexas.edu Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:a7:0e:e5:5a:4b:78:4b:bd:4e:23:27:65:4b:f0: 87:99:e3:88:ce:71:42:6b:b5:87:30:ad:0a:e0:f3: de:1d:6e:8b:ef:b7:02:c8:98:77:ab:c3:25:47:be: bd:2b:5d:94:2b:04:b7:cf:31:ea:bc:e1:83:38:ae: 8d:8c:40:8f:08:b4:c5:d8:09:ea:df:a1:b3:b9:4e: ba:48:6d:ce:9a:75:32:0c:bb:98:24:15:c4:e4:77: 6f:d7:20:b6:23:c2:16:ce:98:6e:b1:49:95:9f:dd: 4e:a1:a1:86:66:7d:fc:61:10:d8:74:93:cf:d5:9c: 44:3f:25:80:2b:0f:91:1f:bd Exponent: 65537 (0x10001) Signature Algorithm: md5WithRSAEncryption 1b:e9:8a:3e:c0:84:1c:f5:23:8c:10:6a:c1:d7:d9:86:82:30: 05:d4:3b:50:df:e4:16:dc:4f:a2:69:33:0e:2c:33:76:a6:df: 84:93:9b:d5:c5:28:22:c1:6c:48:9b:52:50:4d:71:5a:81:36: d1:3d:12:02:f7:38:3f:5c:ae:b0:50:7e:8d:7a:ad:3d:cb:6b: 8b:d3:56:9e:c0:dd:cf:44:4a:5d:10:61:ba:36:dc:a0:27:d7: ec:2c:e9:03:a0:92:a1:92:98:7f:b7:3d:f1:6b:26:ab:c0:a5: c4:a8:44:53:a4:59:98:2f:a2:9b:b0:30:95:35:6d:cd:32 OpenSSL> x509 -noout -text -in 2001.crt Certificate: Data: Version: 1 (0x0) Serial Number: 2d:17:fd:51:7d:45:27:cd:06:4c:82:f3:d6:8c:f3:5d Signature Algorithm: md5WithRSAEncryption Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority Validity Not Before: Jan 22 00:00:00 2001 GMT Not After : Feb 15 23:59:59 2002 GMT Subject: C=US, ST=Texas, L=Austin, O=University of Texas at Austin, OU=Department of Computer Science, CN=www.cs.utexas.edu Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:c3:e7:cc:dc:65:9d:e6:1f:6b:d8:d7:f4:85:ee: ca:bf:9b:ee:d1:25:31:fe:f2:da:c4:47:d2:b7:0e: 4e:d8:ee:e5:bf:bf:5f:71:ee:b6:2d:05:e8:f5:a6: 06:f0:ee:7a:39:aa:b4:cb:a6:26:92:2b:b1:e8:d3: d9:e4:2d:3f:d8:91:ad:b8:17:7a:0b:86:3b:b6:ff: 4a:de:a6:5f:3e:04:f0:bb:5c:11:53:be:57:a2:53: 99:94:a6:4c:59:aa:63:c7:93:b8:6a:a7:8e:f1:bf: a4:32:c6:d5:5c:f6:65:f8:9b:11:1b:41:54:2a:94: b9:08:d1:16:8e:af:96:c7:cd Exponent: 65537 (0x10001) Signature Algorithm: md5WithRSAEncryption 7b:f4:72:b0:02:fd:f9:b9:81:cb:57:12:bb:0c:32:df:1d:e3: 00:25:6e:60:ed:2a:28:10:f2:1e:7f:86:18:ff:1d:03:a2:d4: 0e:ae:b0:22:08:1f:90:19:28:45:bb:b2:ff:77:e5:29:1b:ba: 8d:4b:cf:d5:aa:a5:5f:eb:84:49:f8:f1:b4:c2:21:8a:3b:3b: f4:f4:54:f5:f7:9e:e3:e5:88:96:25:a9:2c:cb:04:92:c2:a8: 9e:df:5a:10:b5:08:95:6c:9f:d3:fa:85:da:2c:6d:30:9f:63: 10:b1:47:c6:5b:cd:4e:d8:ae:dc:f3:a2:d9:6d:75:d4:46 OpenSSL> x509 -noout -text -in 2002.crt unable to load certificate 11366:error:0D0A0007:asn1 encoding routines:d2i_X509_ALGOR:expecting an asn1 sequence:x_algor.c:85:address=1539371 offset=0 11366:error:0D09F004:asn1 encoding routines:d2i_X509:nested asn1 error:x_x509.c:104:address=1538600 offset=771 11366:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:290: error in x509 OpenSSL> quit sh-2.05$ cat 2002.crt -----BEGIN CERTIFICATE----- MIIDjjCCAvugAwIBAgIQOSjKr9cd5lnwKXbfEY94BzANBgkqhkiG9w0BAQQFADBf MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4x LjAsBgNVBAsTJVNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw HhcNMDIwMTE4MDAwMDAwWhcNMDMwMjE1MjM1OTU5WjCBmzELMAkGA1UEBhMCVVMx DjAMBgNVBAgTBVRleGFzMQ8wDQYDVQQHFAZBdXN0aW4xJjAkBgNVBAoUHVVuaXZl cnNpdHkgb2YgVGV4YXMgYXQgQXVzdGluMScwJQYDVQQLFB5EZXBhcnRtZW50IG9m IENvbXB1dGVyIFNjaWVuY2UxGjAYBgNVBAMUEXd3dy5jcy51dGV4YXMuZWR1MIGf MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDibX+62q714UU1ZenJ1mLyKMESBw27 AkZ1S8rEtWpO9npjAqZVIFqLbwPQKqCck9MofSdSK3c9u2TREkjFRU1aLSqnQPT4 7X8kbU2yzNRan+CGC0b36mDL7+A3ys/L2VhDKJpOQIPKWTBv0LyyU+D4kGvMwXK0 piWmh0WtgzFhrQIDAQABo4IBEDCCAQwwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAw PAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC52ZXJpc2lnbi5jb20vUlNBU2Vj dXJlU2VydmVyLmNybDBEBgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcDMCowKAYIKwYB BQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwHQYDVR0lBBYwFAYI KwYBBQUHAwEGCCsGAQUFBwMCMBkGCmCGSAGG+EUBBg8ECxYJNjI3NTI0NjQ4MDQG CCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AudmVyaXNpZ24u PZWwglc4k7QZivhGkcIoT/ZoYfewUdmrQUxieHdnSMEicKC2n85Y8rw6aOJQ4fu9 2EYB8Md6Ii57BvtZdVDeikTWsMYW5hEqzlwb/CZ2NNczlCO11V4KYL23zqDXgqfN MtY= -----END CERTIFICATE----- sh-2.05$ exit script done on Sat Jan 19 11:27:32 2002 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
