"Dr. Stephen Henson" wrote:
> 
> On Sat, Mar 27, 2004, Ohaya wrote:
> 
> > Hi,
> >
> > BTW, I just tried asn1parse, and that worked, and didn't indicate any
> > problems, so I'm confused as to why I'm getting those errors with x509:
> >
> > openssl asn1parse -in myca.cer -inform der
> >
> 
> asn1parse just checks for valid ASN1 it doesn't check for a valid certificate.
> If the file isn't a valid certificate then the x509 will typically see
> something it doesn't expect and produce an error. That 'wrong tag' error is
> indeed an indication of this.
> 
> If as you said it looks like several certificates run together it could be a
> PKCS#7 file.
> 
> Try:
> 
> openssl pkcs7 -inform DER -in whatever.cer -print_certs
> 
> failing that post what the first few lines of asn1parse produce.
> 
> Steve.


Steve,

You're right, that "openssl pkcs7" worked (strange that it downloaded as
a .CER?).

Is there a way that I can use openssl to break this apart into the
individual certificates, and then possibly try the x509 or verify to try
to see what the problem is?

I should mention that the initial problem that I had with this was that
when I try to import it into Netscape (using Personal Security Manager
(PSM)), the import itself was working, but I noted that the imported
certs had "lost the purposes" that I had designated during the import. 
That may be a bit confusing :(.  

What I meant was that during the import, I checked the boxes for
(example) email, web authentication, and signing, but when I looked at
the certs after the import, those purposes were all unchecked/disabled. 
I don't think that this is a PSM issue, because I tried multiple
versions of PSM and found the same problem.

This lead me to try to download the certs using IE, and then IE gave me
the original error that I mentioned in my first message.

Jim
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to