"Dr. Stephen Henson" wrote: > > On Sat, Mar 27, 2004, Ohaya wrote: > > > Hi, > > > > BTW, I just tried asn1parse, and that worked, and didn't indicate any > > problems, so I'm confused as to why I'm getting those errors with x509: > > > > openssl asn1parse -in myca.cer -inform der > > > > asn1parse just checks for valid ASN1 it doesn't check for a valid certificate. > If the file isn't a valid certificate then the x509 will typically see > something it doesn't expect and produce an error. That 'wrong tag' error is > indeed an indication of this. > > If as you said it looks like several certificates run together it could be a > PKCS#7 file. > > Try: > > openssl pkcs7 -inform DER -in whatever.cer -print_certs > > failing that post what the first few lines of asn1parse produce. > > Steve.
Steve, You're right, that "openssl pkcs7" worked (strange that it downloaded as a .CER?). Is there a way that I can use openssl to break this apart into the individual certificates, and then possibly try the x509 or verify to try to see what the problem is? I should mention that the initial problem that I had with this was that when I try to import it into Netscape (using Personal Security Manager (PSM)), the import itself was working, but I noted that the imported certs had "lost the purposes" that I had designated during the import. That may be a bit confusing :(. What I meant was that during the import, I checked the boxes for (example) email, web authentication, and signing, but when I looked at the certs after the import, those purposes were all unchecked/disabled. I don't think that this is a PSM issue, because I tried multiple versions of PSM and found the same problem. This lead me to try to download the certs using IE, and then IE gave me the original error that I mentioned in my first message. Jim ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
