"Mitchel, Jennifer (Jem)" wrote:

> I have generated my key pair. I have generated my certificate
> signing request sent it to my CA and gotten my certificate back...
> I named it server.crt
> I am trying to use ssl to verify the certificate. I have the key pair,
> csr & server.crt all in <install>/bin so no other path is needed to the files.
> I am typing the command: ./openssl x509 -noout -text -in server.crt
> and I am getting the error:
> unable to load certificate
> 19713:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:663:Expecting: TRUSTED CERTIFICATE
> Can someone tell me what it is I'm missing.

It might not be this simple, but could you check to see that the
certificate file is readable and has the appropriate "start line"
(which is what the code is complaining about)? A certificate in
PEM format looks like this:

-----BEGIN CERTIFICATE-----
(base64-encoded certificate body)
-----END CERTIFICATE-----

If the certificate is a jumble of binary data try adding -inform der
in case the cert is in der format:

    ./openssl x509 -noout -text -inform der -in server.crt

It is easy to translate between the two formats using much the same
command:

der to pem:

    ./openssl x509 -inform der -outform pem -in infile -out outfile

pem to der:

    ./openssl x509 -inform pem -outform der -in infile -out outfile

(actually pem is the default for inform and outform)

This might be important later when you try to use the certificate,
as the server software may demand a different form than you have...

--
Charles B. (Ben) Cranston
mailto:zben@;umd.edu
http://www.wam.umd.edu/~zben
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List
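
The check suggested in the reply above, as an added example that is not part of the original post: a small classifier that inspects the bytes of a would-be certificate file and says whether it is PEM, DER, or one of the common reasons for "no start line" (a CSR instead of a certificate, a base64 body without its BEGIN/END lines, a truncated file). It goes somewhat beyond the two cases in the reply. The function names and the sample bytes are constructed for illustration.

```python
import base64
import re

# Labels "openssl x509" accepts on the PEM start line.
CERT_LABELS = {b"CERTIFICATE", b"X509 CERTIFICATE", b"TRUSTED CERTIFICATE"}
PEM_BEGIN = re.compile(rb"^-----BEGIN ([A-Z0-9 ]+)-----", re.M)

def looks_like_der(data: bytes) -> bool:
    # DER certificate = ASN.1 SEQUENCE (0x30). Assumption: long-form two-byte
    # length (0x82), which covers certificates of 256..65535 bytes.
    return data[:2] == b"\x30\x82" and int.from_bytes(data[2:4], "big") == len(data) - 4

def classify(data: bytes) -> str:
    """Diagnose the contents of a file that is supposed to hold a certificate."""
    if not data.strip():
        return "empty"
    m = PEM_BEGIN.search(data)
    if m:
        label = m.group(1)
        if label not in CERT_LABELS:
            return "pem-not-a-certificate:" + label.decode()
        if b"-----END " + label + b"-----" not in data[m.end():]:
            return "pem-truncated"
        return "pem"
    if looks_like_der(data):
        return "der"
    try:  # base64 body pasted without its BEGIN/END lines
        if looks_like_der(base64.b64decode(b"".join(data.split()), validate=True)):
            return "base64-without-armor"
    except ValueError:
        pass
    return "unknown"

def hint(data: bytes, name: str = "server.crt") -> str:
    """Map the diagnosis to the command from the post that fits the encoding."""
    kind = classify(data)
    if kind == "pem":
        return f"openssl x509 -noout -text -in {name}"
    if kind == "der":
        return f"openssl x509 -noout -text -inform der -in {name}"
    return f"not loadable as a certificate as-is ({kind})"

def der_to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in PEM armor: base64 in 64-character lines."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return b"\n".join([b"-----BEGIN CERTIFICATE-----", *lines, b"-----END CERTIFICATE-----", b""])

# Constructed sample: a DER-shaped header over zero bytes, not a real certificate.
DER_SAMPLE = b"\x30\x82\x01\x00" + bytes(256)
```

To check a real file, pass `open("server.crt", "rb").read()` to `hint`; reading in binary mode matters because a DER file is not text.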