Hi Matt,
On 04/03/19 14:24, Matt Caswell wrote:
On 04/03/2019 13:16, Jan Just Keijser wrote:
On 04/03/19 10:21, Wolfgang Knauf wrote:
Hi,
the output is this:
C:\Program Files\OpenVPN\bin>openssl.exe asn1parse -i -in
..\config\SSL_HUG1@xxxxxxxxxxxxxxxxxxxxxxx\l1139218.vt-security.de.user.crt
Error: offset too large
Would it be OK if I send the crt file to only your mail adress? I don't feel
save by posting it to the mailing list ;-)?
I ran into the "offset too large" problem myself with my own certs as well. It
turns out the 'asn1parse' util only likes PEM blobs, i.e. the parts starting
with --BEGIN CERTIFICATE--
asn1parse will expect PEM by default but is perfectly capable of processing raw
DER too. Just use the "-inform DER" option.
100% true but that is not what I was referring to; my certs usually look
like this:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5338 (0x14da)
Signature Algorithm: sha256WithRSAEncryption
[...]
-----BEGIN CERTIFICATE-----
MIIEmjCCA4KgAwIBAgICFNowDQYJKoZIhvcNAQELBQAwUjELMAkGA1UEBhMCTkwx
it's that part *before* the --BEGIN CERTIFICATE-- on which the
asn1parse command chokes. You can feed it either a DER file or a PEM
blob - but not a certificate file with the certificate info listed in it.
JJK
