问题
I`m trying to convert the .cer file to .pem through openssl, the command is:
openssl x509 -inform der -in certnew.cer -out ymcert.pem
and that's the errors I`m getting:
unable to load certificate
140735105180124:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
140735105180124:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509
What am I doing wrong?
回答1:
I had this problem also. Just rename the CER to PEM was enough :)
回答2:
To expand on existing answer, like explained by ssl.com, a .cer file can be either in der or pem encoding. If it is in der encoding, you'll need to do conversion like you have done, but if it is already in pem encoding, no conversion is necessary and you get the error you've got if you try - and you can just rename the file.
If you're unsure, it is good to know that .der is a binary format, whereas .pem is ascii one. If you echo the contents of your certificate out, a .pem file would look something like this:
-----BEGIN CERTIFICATE-----
MIIEuTCCA6G[snip lots of chars]
XmCpajQ==
-----END CERTIFICATE-----
And a .der file would look like this:
0▒▒0▒▒▒@*▒H▒▒▒▒▒0
0▒▒1
0 UUS10U
VeriSign, Inc.10U
VeriSign Trust Network1:08U
回答3:
I have similar issue with CRT format which give me error during converting to pem. I do same thing like L0g0ff and it works. Below more details.
I checked details of certificate:
openssl x509 -in certificate.crt -noout -textafter changing extension to from certificate.crt to certificate.pem I get file in expected format:
-----BEGIN CERTIFICATE-----
...........................
-----END CERTIFICATE-----
来源:https://stackoverflow.com/questions/14191468/openssl-encoding-errors-while-converting-cer-to-pem