AW: OpenVPNGui 2.4.7 fails: format error in certificate's notAfter field
Jan Just Keijser
janjust at nikhef.nl
Mon Mar 4 14:20:36 UTC 2019
Hi Matt,
On 04/03/19 14:24, Matt Caswell wrote:
>
> On 04/03/2019 13:16, Jan Just Keijser wrote:
>> On 04/03/19 10:21, Wolfgang Knauf wrote:
>>> Hi,
>>>
>>> the output is this:
>>>
>>> C:\Program Files\OpenVPN\bin>openssl.exe asn1parse -i -in
>>> ..\config\SSL_HUG1 at l1139218.vt-security.de\l1139218.vt-security.de.user.crt
>>> Error: offset too large
>>>
>>> Would it be OK if I send the crt file to only your mail address? I don't feel
>>> safe by posting it to the mailing list ;-)?
>>>
>>>
>> I ran into the "offset too large" problem myself with my own certs as well. It
>> turns out the 'asn1parse' util only likes PEM blobs, i.e. the parts starting
>> with --BEGIN CERTIFICATE--
> asn1parse will expect PEM by default but is perfectly capable of processing raw
> DER too. Just use the "-inform DER" option.
>
>
100% true but that is not what I was referring to; my certs usually look
like this:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5338 (0x14da)
    Signature Algorithm: sha256WithRSAEncryption
[...]
-----BEGIN CERTIFICATE-----
MIIEmjCCA4KgAwIBAgICFNowDQYJKoZIhvcNAQELBQAwUjELMAkGA1UEBhMCTkwx
it's that part *before* the --BEGIN CERTIFICATE-- on which the
asn1parse command chokes. You can feed it either a DER file or a PEM
blob - but not a certificate file with the certificate info listed in it.
JJK
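
An added example (not part of the original message and not OpenSSL code): one way to isolate the PEM block from a certificate file that carries a human-readable dump before it, and to check that what remains is a well-formed DER SEQUENCE before handing it to a parser. The function names and the sample file are constructed for illustration; the sample payload is a tiny DER structure, not a real certificate.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def der_len(buf, pos):
    """Decode the DER length field at buf[pos]; return (length, next_pos)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or pos + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def extract_der(text):
    """Return the DER bytes of the first PEM block, ignoring text around it."""
    m = PEM_RE.search(text)
    if m is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    if not der or der[0] != 0x30:
        raise ValueError("payload is not a DER SEQUENCE")
    length, body = der_len(der, 1)
    if body + length != len(der):
        raise ValueError("DER length does not match payload size")
    return der

def top_level_tags(der):
    """List (tag, value) for each element inside the outer SEQUENCE."""
    _, pos = der_len(der, 1)
    out = []
    while pos < len(der):
        tag = der[pos]
        length, pos = der_len(der, pos + 1)
        out.append((tag, der[pos:pos + length]))
        pos += length
    return out

# Constructed sample, NOT a real certificate: SEQUENCE { INTEGER 5338, UTCTime }
SAMPLE_DER = bytes.fromhex("3013" "020214da" "170d") + b"190304142036Z"
SAMPLE_FILE = (
    "Certificate:\n    Data:\n        Serial Number: 5338 (0x14da)\n"
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(SAMPLE_DER).decode()
    + "\n-----END CERTIFICATE-----\n")
```
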