[openssl-users] Openssl failed to decrypt certificate without \r\n

Zhang, Lily (USD) Lily.Zhang at dell.com
Mon Sep 18 07:58:26 UTC 2017 

I can decrypt the root.cer successfully. And my error of leaf_no_rn.cer is different from you.

OpenSSL>  x509 -in C:\Temp\leaf_no_rn.cer -text
unable to load certificate
error in x509

OpenSSL> version
OpenSSL 1.0.2h  3 May 2016

OpenSSL> x509 -in C:\Temp\root.cer -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:11:16:87:de:09:6e:ac:42:50:b5:d9:13:35:f9:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=NJMRoot-CA
        Validity
            Not Before: Jun 22 14:54:53 2015 GMT
            Not After : Jun 22 15:04:53 2025 GMT
        Subject: CN=NJMRoot-CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ca:38:ac:14:ba:7c:b2:1c:f2:14:70:08:10:b0:
                    0b:be:45:51:d9:50:6e:72:ba:10:97:7f:49:1b:b9:
                    a9:61:ca:54:7b:55:d6:41:7d:82:20:ff:a5:02:9a:
                    fa:61:ed:af:bb:47:d4:95:e8:d1:51:d3:05:1d:43:
                    4a:3a:3e:63:af:58:7f:3b:bc:3e:d3:19:9b:ba:31:
                    d6:78:f0:09:33:97:ac:bd:27:49:15:23:f3:fa:04:
                    17:d4:e6:d3:fd:20:ef:87:f9:b4:38:14:2c:45:9e:
                    ee:39:03:80:7d:e2:14:bc:2b:b3:e4:0c:f0:d5:b8:
                    06:66:27:71:0d:7a:42:5e:86:8f:fb:d8:73:91:52:
                    c8:fe:ba:56:c5:07:37:18:f4:61:47:1f:1b:b0:46:
                    74:3d:56:96:9d:90:8d:83:0c:64:04:de:44:e8:c7:
                    e1:c0:4c:4a:c7:76:ff:ed:08:6e:4c:10:1c:48:f5:
                    0f:e3:ce:10:d3:54:15:84:a1:dd:5f:da:61:88:8a:
                    6d:82:2e:c7:08:7a:35:62:91:92:37:49:b6:be:ac:
                    50:61:f5:e3:46:79:7b:ff:9b:64:ca:cb:75:ba:01:
                    c2:de:c4:1a:80:d1:4a:bb:6f:b0:5a:a5:f3:96:a6:
                    17:2e:63:0a:8b:eb:1d:72:b8:84:a7:2d:08:e7:db:
                    d3:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage:
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                B9:17:D1:69:23:34:17:B5:52:68:E9:FF:F8:57:14:5E:89:5C:34:C5
            1.3.6.1.4.1.311.21.1:
                ...
    Signature Algorithm: sha256WithRSAEncryption
         91:1b:79:d1:86:ab:91:a3:5e:71:30:10:26:c2:8c:13:2e:a5:
         c7:f2:2a:d9:00:af:01:3f:48:94:cb:f2:0c:a7:21:ea:a3:dd:
         aa:e5:bb:27:5f:eb:e1:76:20:f7:c3:d6:8e:ba:a2:8d:2b:67:
         ed:fc:1e:5b:bc:e5:ab:20:c1:24:9f:a7:ab:1b:61:35:5c:2a:
         94:96:89:0d:69:77:74:94:1b:66:1e:85:39:b5:08:3f:48:4a:
         98:5a:6f:fd:1b:86:42:b9:cc:4e:a7:95:56:19:a8:ad:cd:c9:
         57:ba:0c:55:0c:6e:8e:87:10:3f:4c:eb:b3:e8:0e:f6:64:c4:
         76:e8:dc:2d:16:aa:18:ec:c2:51:4f:df:71:3a:61:4f:b9:e8:
         a4:63:f8:fc:e7:5f:f1:79:fa:0e:7c:de:fe:7b:3b:62:f2:43:
         2d:aa:6c:b1:72:40:37:29:c3:59:fd:6e:11:8b:82:6a:0d:6f:
         46:79:51:d2:b0:41:84:68:42:c2:e1:7a:e9:db:63:c6:a7:0f:
         28:92:ca:e1:9e:d9:1e:4a:08:a5:89:da:2d:0c:6e:6d:c5:a5:
         c6:2c:54:7e:41:1d:fa:77:2b:62:08:47:b4:15:f6:7b:67:b5:
         09:fb:ce:6f:9e:07:95:f5:3a:f6:6b:a2:64:52:20:de:0a:9c:
         47:29:1e:a5
-----BEGIN CERTIFICATE-----
MIIDBTCCAe2gAwIBAgIQRBEWh94JbqxCULXZEzX5FjANBgkqhkiG9w0BAQsFADAV
MRMwEQYDVQQDEwpOSk1Sb290LUNBMB4XDTE1MDYyMjE0NTQ1M1oXDTI1MDYyMjE1
MDQ1M1owFTETMBEGA1UEAxMKTkpNUm9vdC1DQTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMo4rBS6fLIc8hRwCBCwC75FUdlQbnK6EJd/SRu5qWHKVHtV
1kF9giD/pQKa+mHtr7tH1JXo0VHTBR1DSjo+Y69Yfzu8PtMZm7ox1njwCTOXrL0n
SRUj8/oEF9Tm0/0g74f5tDgULEWe7jkDgH3iFLwrs+QM8NW4BmYncQ16Ql6Gj/vY
c5FSyP66VsUHNxj0YUcfG7BGdD1Wlp2QjYMMZATeROjH4cBMSsd2/+0IbkwQHEj1
D+POENNUFYSh3V/aYYiKbYIuxwh6NWKRkjdJtr6sUGH140Z5e/+bZMrLdboBwt7E
GoDRSrtvsFql85amFy5jCovrHXK4hKctCOfb050CAwEAAaNRME8wCwYDVR0PBAQD
AgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLkX0WkjNBe1Umjp//hXFF6J
XDTFMBAGCSsGAQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBCwUAA4IBAQCRG3nRhquR
o15xMBAmwowTLqXH8irZAK8BP0iUy/IMpyHqo92q5bsnX+vhdiD3w9aOuqKNK2ft
/B5bvOWrIMEkn6erG2E1XCqUlokNaXd0lBtmHoU5tQg/SEqYWm/9G4ZCucxOp5VW
GaitzclXugxVDG6OhxA/TOuz6A72ZMR26NwtFqoY7MJRT99xOmFPueikY/j851/x
efoOfN7+ezti8kMtqmyxckA3KcNZ/W4Ri4JqDW9GeVHSsEGEaELC4Xrp22PGpw8o
ksrhntkeSgilidotDG5txaXGLFR+QR36dytiCEe0FfZ7Z7UJ+85vngeV9Tr2a6Jk
UiDeCpxHKR6l
-----END CERTIFICATE-----
OpenSSL>

Thank
Lily

-----Original Message-----
From: Zhang, Lily (USD) 
Sent: Monday, September 18, 2017 3:21 PM
To: 'openssl-users at openssl.org'
Subject: RE: [openssl-users] Openssl failed to decrypt certificate without \r\n

Hi, Viktor
Thanks for your reply.
Why it can decrypt attached root.cer, it also has long lines in root.cer?

Thanks
Lily

-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Viktor Dukhovni
Sent: Monday, September 18, 2017 2:00 PM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] Openssl failed to decrypt certificate without \r\n


> On Sep 17, 2017, at 10:23 PM, Zhang, Lily (USD) <Lily.Zhang at dell.com> wrote:
> 
> Would you help me to take a look this certificate issue?
> In order to send out the file, I added ".txt" in the file name. Please remove it before test it.
> 
> Leaf_no_rn.cer doesn't have \r\n in the BASE64 string, it can't be parsed by openssl.
> Leaf_with_rn.cer is the same as Leaf_no_rn.cer, but it has \r\n in BASE64 string. 
> Both the attached two certificates can be parsed by Windows.

This is expected, the OpenSSL PEM file reader does not support input lines with IIRC more than 64 bytes.  PEM files are not supposed to have longer lines.

-- 
	Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list