zakjan/cert-chain-resolver

unable to load certificate error

davidvasandani opened this issue · 5 comments

1: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.domain.io
2: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=PositiveSSL CA 2
unable to load certificate
140525519689544:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
140525519689544:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509_CINF
140525519689544:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=cert_info, Type=X509

Not sure what's causing it.

Can you insert a set -x line at the beginning of the resolve.sh file, run it again, and paste the output here? It will help me debug it. Thanks.

I had the same problem. It turned out to be caused by the issuer's certificate (http://certificates.godaddy.com/repository/gdig2.crt) being PEM- instead of DER-encoded.

OK, so the script should accept both PEM and DER certs everywhere (input, intermediates, output). There is nothing sure in the PKI world. I'll fix it soon.

Can you attach the leaf cert which causes this, so I can add it to tests?

I have fixed it in the latest master.

I can confirm that it's working now for the case I had trouble with previously.
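
The failure mode discussed in this thread, as an added example that is not code from the thread or from cert-chain-resolver: a downloaded issuer certificate is sniffed for PEM armor and normalized to DER, and the outer ASN.1 framing is checked so that PEM text handed to a DER parser is reported as the same "wrong tag" condition seen in the log above. The function names are hypothetical, and the sample blob is a constructed placeholder with valid outer framing only, not a real certificate.

```python
import base64
import re

# PEM armor around a certificate; anything before or after it is ignored.
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def der_total_length(data):
    """Return the full byte length of the outer DER SEQUENCE, or raise ValueError."""
    # A DER certificate starts with SEQUENCE (0x30). PEM text starts with '-'
    # (0x2D), which is what a DER parser reports as "wrong tag".
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("wrong tag: expected SEQUENCE (0x30)")
    first = data[1]
    if first < 0x80:                       # short form: length in one octet
        return 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def to_der(blob):
    """Accept a PEM or DER certificate blob; return (detected_format, der_bytes)."""
    match = PEM_RE.search(blob)
    if match:
        # b64decode discards the line breaks inside the armored body.
        fmt, der = "PEM", base64.b64decode(match.group(1))
    else:
        fmt, der = "DER", blob
    if der_total_length(der) != len(der):
        raise ValueError("length mismatch: truncated or trailing data")
    return fmt, der

# Constructed sample: SEQUENCE with a long-form length and filler content.
SAMPLE_DER = b"\x30\x81\x90" + bytes(range(0x90))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, blob in (("pem", SAMPLE_PEM), ("der", SAMPLE_DER)):
        fmt, der = to_der(blob)
        print(name, "detected as", fmt, "->", len(der), "DER bytes")
```
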