Ohaya wrote: > > "Dr. Stephen Henson" wrote: > > > > On Sat, Mar 27, 2004, Ohaya wrote: > > > > > Hi, > > > > > > BTW, I just tried asn1parse, and that worked, and didn't indicate any > > > problems, so I'm confused as to why I'm getting those errors with x509: > > > > > > openssl asn1parse -in myca.cer -inform der > > > > > > > asn1parse just checks for valid ASN1 it doesn't check for a valid certificate. > > If the file isn't a valid certificate then the x509 will typically see > > something it doesn't expect and produce an error. That 'wrong tag' error is > > indeed an indication of this. > > > > If as you said it looks like several certificates run together it could be a > > PKCS#7 file. > > > > Try: > > > > openssl pkcs7 -inform DER -in whatever.cer -print_certs > > > > failing that post what the first few lines of asn1parse produce. > > > > Steve. > > Steve, > > You're right, that "openssl pkcs7" worked (strange that it downloaded as > a .CER?). > > Is there a way that I can use openssl to break this apart into the > individual certificates, and then possibly try the x509 or verify to try > to see what the problem is? > > I should mention that the initial problem that I had with this was that > when I try to import it into Netscape (using Personal Security Manager > (PSM)), the import itself was working, but I noted that the imported > certs had "lost the purposes" that I had designated during the import. > That may be a bit confusing :(. > > What I meant was that during the import, I checked the boxes for > (example) email, web authentication, and signing, but when I looked at > the certs after the import, those purposes were all unchecked/disabled. > I don't think that this is a PSM issue, because I tried multiple > versions of PSM and found the same problem. > > This lead me to try to download the certs using IE, and then IE gave me > the original error that I mentioned in my first message. > > Jim
Hi, Ok, I've figured out at least the part about how to break the individual certs out. I redirected the output of the pckx7 to a text file, then am editing each of the certs out individually. Once I've done that, can someone suggest what the best approach would be for checking the certs, especially relative to the Netscape/PSM problem that I described above? Thanks, Jim ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
