<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Really new to openssl, as my product has just added a feature to upload
certs for https access which I need to test.<br>
<br>
I have been using the tools to create the different types of certs
that I want to test our feature with and have had good success after
a few missteps.<br>
<br>
One of the invalid tests I want to try is to upload a signed cert in
DER format. So going full bore I tried this:<br>
<ul>
<li>generate rsa key in PEM format with genrsa<br>
</li>
<li>convert key to DER with rsa<br>
</li>
<li>create the CSR in DER format with req<br>
</li>
</ul>
<p>All of these I checked are in DER format as they can only be
parsed if I use the '-inform DER' option for their respective
cmds.<br>
</p>
<p>But trying to sign the CSR I get an error like x509 is trying to
read a PEM CSR:<br>
</p>
<p><big><tt>139782416189088:error:0906D06C:PEM
routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting:
CERTIFICATE REQUEST</tt></big><br>
</p>
<p>I am using the option to tell x509 the CSR and the signing key are
in DER format but it seems to not have any effect for the CSR. If
I change the cmds so the CSR is in PEM format the x509 signing
works with the DER key.<br>
</p>
<p>On the other hand, as expected, if I just create a self-signed
PEM format cert I can use x509 to convert it to DER format. But I
wanted to understand if I am seeing a bug or if my understanding
is incorrect.<br>
</p>
<p>Here are the req and x509 cmds from my bash script that I am
using:<br>
</p>
<p><big><tt>openssl req -config $CONF -new -keyform DER -key
$MISC/der_format_der.key -outform DER -out
$MISC/der_format.csr</tt><tt><br>
</tt></big></p>
<p><big><tt>openssl x509 -req -in $MISC/der_format.csr -out
$MISC/der_format.crt -inform DER -outform DER \</tt><tt><br>
</tt><tt> -signkey $MISC/der_format_der.key -keyform
DER -days 365 -set_serial 14 </tt></big><br>
</p>
<p>Thanks,<br>
Paul Hawkins<br>
</p>
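<p>Added example, not part of the original message: the "no start line ... Expecting: CERTIFICATE REQUEST" error is what a PEM reader reports when it finds no <tt>-----BEGIN CERTIFICATE REQUEST-----</tt> line, which is always the case for DER input. The sketch below classifies an uploaded blob the same way, so an upload handler or test harness can tell DER, PEM and wrongly labelled PEM apart; the function names and the sample bytes are constructed for illustration and it only checks the outer encoding, not the ASN.1 contents.</p>

```python
import base64
import re

# PEM armor: "-----BEGIN <label>-----" ... "-----END <label>-----"
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def der_sequence_ok(data: bytes) -> bool:
    """True if data is exactly one SEQUENCE (tag 0x30) whose length field
    matches the number of bytes that follow it."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                       # short form: length in one byte
        header, length = 2, first
    else:                                  # long form: next n bytes hold length
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False                   # indefinite or oversized length
        length = int.from_bytes(data[2:2 + n], "big")
        header = 2 + n
    return header + length == len(data)

def classify(data: bytes, expected_label: str = "CERTIFICATE REQUEST") -> str:
    """Classify an uploaded blob the way a PEM-only reader would see it."""
    m = PEM_RE.search(data)
    if m:
        label = m.group(1).decode()
        try:
            body = base64.b64decode(b"".join(m.group(2).split()), validate=True)
        except ValueError:
            return "pem-bad-base64"
        if not der_sequence_ok(body):
            return "pem-bad-der"
        return "pem" if label == expected_label else f"pem-wrong-label:{label}"
    if der_sequence_ok(data):
        return "der"          # no start line: a PEM-only reader rejects this
    return "unknown"

# Constructed sample: a 300-byte SEQUENCE with long-form length, not a real CSR.
SAMPLE_DER = b"\x30\x82\x01\x28" + b"\x00" * 0x128

def pem_wrap(der: bytes, label: str) -> bytes:
    b64 = base64.encodebytes(der).strip()
    return b"-----BEGIN %s-----\n%s\n-----END %s-----\n" % (
        label.encode(), b64, label.encode())
```

<p>A PEM blob carrying a different label than the reader expects, such as CERTIFICATE instead of CERTIFICATE REQUEST, ends in the same "no start line" error, which is why the classifier reports the label it found.</p>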
</body>
</html>