[openssl-users] Openssl failed to decrypt certificate without \r\n

Zhang, Lily (USD) Lily.Zhang at dell.com
Mon Sep 18 02:23:42 UTC 2017


Hi, 
Would you help me take a look at this certificate issue?
In order to send out the files, I added ".txt" to the file names. Please remove it before testing.

Leaf_no_rn.cer doesn't have \r\n in the BASE64 string, and it can't be parsed by openssl.
Leaf_with_rn.cer is the same as Leaf_no_rn.cer, but it has \r\n in the BASE64 string.
Both attached certificates can be parsed by Windows.

I tried other certificates; they can be parsed in both formats (with \r\n and without \r\n).

Do you know why Leaf_no_rn.cer can't be parsed by "openssl x509 -in C:\Temp\Leaf_with_rn.cer -text"?

------------------------------------------------------------------------------------------

C:\OpenSSL\bin>openssl x509 -in C:\Temp\Leaf_with_rn.cer -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:00:00:04:30:86:b8:28:2b:df:d1:0b:ae:00:00:00:00:04:
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: DC=com, DC=njmgroup, CN=NJMSubEnt-CA
        Validity
            Not Before: Apr 20 08:21:19 2017 GMT
            Not After : Apr 20 08:21:19 2018 GMT
        Subject: CN=DCWT1.njmgroup.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:af:89:3b:a2:20:62:e6:9a:90:fe:2b:bb:81:8d:
                    78:68:0f:43:a5:98:67:29:21:1e:f2:5f:b3:15:7a:
                    86:9f:2c:74:40:8e:82:8c:0e:dd:b1:ea:6b:26:c1:
                    1d:8f:1b:8e:4c:d4:93:2a:b7:3b:1d:12:a9:2d:73:
                    6b:67:85:57:9c:28:5d:71:f2:f8:bd:0a:c9:58:79:
                    d7:c1:78:99:d2:91:81:ed:a6:41:e9:b8:ac:61:d4:
                    78:52:79:bc:af:d4:68:b8:b3:f6:3d:1e:45:db:9b:
                    e3:95:31:01:e2:3a:e3:76:84:ba:70:68:0b:1a:fd:
                    2f:1f:31:86:f3:be:1e:ff:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            1.3.6.1.4.1.311.20.2:
                . .D.o.m.a.i.n.C.o.n.t.r.o.l.l.e.r
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Auth
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            S/MIME Capabilities:
......0...`.H.e...*0...`.H.e...-0...`.H.e....0...`.H.e....0...+...
..*.H..
            X509v3 Subject Alternative Name:
                othername:<unsupported>, DNS:DCWT1.njmgroup.com
            X509v3 Subject Key Identifier:
                8B:8B:36:E1:61:A2:85:77:28:17:97:C1:49:A0:B2:AE:9D
            X509v3 Authority Key Identifier:
                keyid:B5:B6:D4:63:FE:24:A2:45:68:93:D1:DD:D1:A2:21
E

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:ldap:///CN=NJMSubEnt-CA,CN=SCAPWT1,CN=CDP,CN
20Services,CN=Services,CN=Configuration,DC=njmgroup,DC=com?certifi
List?base?objectClass=cRLDistributionPoint
                  URI:http://pki.njmgroup.com/CertEnroll/NJMSubEnt

            Authority Information Access:
                CA Issuers - URI:ldap:///CN=NJMSubEnt-CA,CN=AIA,CN
20Services,CN=Services,CN=Configuration,DC=njmgroup,DC=com?cACerti
jectClass=certificationAuthority
                CA Issuers - URI:http://pki.njmgroup.com/CertEnrol
roup.com_NJMSubEnt-CA.crt

    Signature Algorithm: sha256WithRSAEncryption
         31:49:55:f2:e5:29:35:c4:8f:7b:7b:22:3f:ed:2f:4a:c5:26:
         b0:88:47:92:39:3e:b6:0f:c7:f3:7b:c9:6d:1b:16:ac:78:9b:
         62:d1:ff:dc:74:40:41:68:ac:11:65:d6:bf:fb:8f:18:66:13:
         83:f6:6e:39:5a:01:2d:01:31:55:a6:1a:61:ac:02:0a:9f:ad:
         ac:c4:5f:b6:1e:5f:b6:18:9f:5b:77:1c:d7:f0:4a:35:bd:37:
         cf:23:ec:90:3d:18:a7:8f:e7:9c:73:ba:9f:1f:55:8c:c4:79:
         28:23:d6:ce:31:f4:5e:c7:e4:8d:93:fb:f6:c7:c2:96:e3:bb:
         0d:fd:af:cc:fb:bf:6c:f9:81:64:3c:c7:38:f7:c4:d1:7c:70:
         f6:e7:9a:71:e7:89:aa:82:19:cd:49:1b:81:3d:1b:37:b3:c9:
         c1:6c:a1:2d:76:46:fe:bd:21:65:50:58:0f:6a:68:90:0e:12:
         be:05:44:49:12:49:87:70:88:79:3d:84:c4:7e:8a:1b:45:cd:
         a4:92:fe:49:0f:84:42:e8:9f:78:97:f3:ca:24:92:03:05:aa:
         a7:7d:5f:99:92:cd:9f:f3:b5:27:06:24:41:81:03:86:0a:c5:
         52:68:7b:67:f4:e0:b9:5c:e5:a9:36:2d:77:f2:96:d0:6f:e1:
         cc:f9:53:51

C:\OpenSSL\bin>openssl x509 -in C:\Temp\Leaf_no_rn.cer -text
unable to load certificate
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Leaf_no_rn.cer.txt
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170918/54ae4581/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Leaf_with_rn.cer.txt
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170918/54ae4581/attachment-0001.txt>
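
Added example, not part of the original post or of OpenSSL: RFC 7468 requires PEM generators to wrap the base64 body at 64 characters, so a file whose body is one long line can be normalized before it is handed to `openssl x509`. The function names `pem_bodies` and `rewrap_pem` are hypothetical, and the sample input is constructed bytes rather than a real certificate.

```python
import base64
import binascii
import re
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----(?P<body>.*?)-----END (?P=label)-----",
    re.DOTALL,
)

def pem_bodies(text):
    """Yield (label, decoded bytes) per PEM block; line breaks in the body are ignored."""
    for m in PEM_BLOCK.finditer(text):
        body = re.sub(r"\s+", "", m.group("body"))  # drop CR, LF, spaces, tabs
        try:
            der = base64.b64decode(body, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"{m.group('label')}: body is not valid base64") from exc
        if not der:
            raise ValueError(f"{m.group('label')}: empty body")
        yield m.group("label"), der

def rewrap_pem(text, width=64):
    """Re-emit every PEM block with its base64 body wrapped at `width` characters."""
    out = []
    for label, der in pem_bodies(text):
        b64 = base64.b64encode(der).decode("ascii")
        out.append(f"-----BEGIN {label}-----")
        out.extend(b64[i:i + width] for i in range(0, len(b64), width))
        out.append(f"-----END {label}-----")
    if not out:
        raise ValueError("no PEM block found")
    return "\n".join(out) + "\n"

# Constructed sample: arbitrary bytes standing in for DER, not a real certificate.
SAMPLE_DER = bytes(range(256)) * 2
_b64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_ONE_LINE = f"-----BEGIN CERTIFICATE-----\r\n{_b64}\r\n-----END CERTIFICATE-----\r\n"
SAMPLE_CRLF = SAMPLE_ONE_LINE.replace(
    _b64, "\r\n".join(_b64[i:i + 76] for i in range(0, len(_b64), 76)))

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py IN.cer OUT.cer
        with open(sys.argv[1], encoding="ascii") as src:
            fixed = rewrap_pem(src.read())
        with open(sys.argv[2], "w", encoding="ascii", newline="\n") as dst:
            dst.write(fixed)
    else:
        print(rewrap_pem(SAMPLE_ONE_LINE), end="")
```

The script does not handle PEM blocks that carry encapsulated headers (such as `Proc-Type` in encrypted keys); a plain certificate has none.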

