发表新帖
发表新帖

Getting OpenSSL::X509::CertificateError nested asn1 error on Ruby

后端 未结
关注
3 1362
情深已故
情深已故 2020-12-11 00:46

I have .p12 file from Apple and tried to convert it to .pem file with following command:

openssl pkcs12 -in cert.p12 -out apple_push_notification_development
相关标签:
3条回答
  • 自闭症患者
    2020-12-11 01:08

    This also may happen when you forget to sign newly generated certificate. I wanted to use self-signed certificate but forgot signing part.

    # Create key
key = OpenSSL::PKey::RSA.new(2048)
open("key.pem", "w") do |io| io.write(key.to_pem) end

# Generate certificate
name = OpenSSL::X509::Name.parse("CN=example.com/C=EE")
cert = OpenSSL::X509::Certificate.new
cert.version     = 2
cert.serial      = 0
cert.not_before  = Time.now
cert.not_after   = cert.not_before + 1 * 365 * 24 * 60 * 60 # 1 year validity
cert.public_key  = key.public_key
cert.subject     = name

    and this part of code is what I missed:

    cert.issuer = name
cert.sign key, OpenSSL::Digest::SHA1.new
open "cert.pem", 'w' do |io| io.write cert.to_pem end
    0 讨论(0)
  • 孤独总比滥情好
    2020-12-11 01:12

    Appreciate it's not your exact same scenario, but I was attempting to read in a PEM file (PKCS7) in my instance. OpenSSL CLI would decode it fine, but ruby kept throwing the same nested asn1 error that you describe when I tried to load it into an object.

    In my case it needed a new line i.e. '\n' at the end of the PEM file for it to accept it.

    I worked it out only when I created an empty object and compared the generated PEM output to the file I was trying to load.

    So with a X509 cert maybe try:

    cert = OpenSSL::X509::Certificate.new
cert.to_pem
=> "-----BEGIN CERTIFICATE-----\nMCUwGwIAMAMGAQAwADAEHwAfADAAMAgwAwYBAAMBADADBgEAAwEA\n-----END CERTIFICATE-----\n"

    And compare it to your PEM file

    As you can see it's terminated with a new line and that was missing in the file that I was trying to import.

    0 讨论(0)
  • 鱼传尺愫
    2020-12-11 01:18

    I've had the same problem and im my case I needed to decode file content with Base64.

    require 'openssl'
require 'base64'

encoded_content = File.read('apple_push_notification_development.pem')
decoded_content = Base64.decode64(encoded_content)
certificate = OpenSSL::X509::Certificate.new(decoded_content)
    0 讨论(0)
 看不清?
提交回复
热议问题