AW: OpenVPNGui 2.4.7 fails: format error in certificate's notAfter field

Jan Just Keijser janjust at nikhef.nl
Mon Mar 4 14:20:36 UTC 2019


Hi Matt,

On 04/03/19 14:24, Matt Caswell wrote:
>
> On 04/03/2019 13:16, Jan Just Keijser wrote:
>> On 04/03/19 10:21, Wolfgang Knauf wrote:
>>> Hi,
>>>
>>> the output is this:
>>>
>>> C:\Program Files\OpenVPN\bin>openssl.exe asn1parse -i -in
>>> ..\config\SSL_HUG1 at l1139218.vt-security.de\l1139218.vt-security.de.user.crt
>>> Error: offset too large
>>>
>>> Would it be OK if I send the crt file to only your mail adress? I don't feel
>>> save by posting it to the mailing list ;-)?
>>>
>>>
>> I ran into the "offset too large" problem myself with my own certs as well. It
>> turns out the 'asn1parse' util only likes PEM blobs, i.e. the parts starting
>> with --BEGIN CERTIFICATE--
> asn1parse will expect PEM by default but is perfectly capable of processing raw
> DER too. Just use the "-inform DER" option.
>
>
100% true but that is not what I was referring to; my certs usually look 
like this:

Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 5338 (0x14da)
         Signature Algorithm: sha256WithRSAEncryption
[...]
-----BEGIN CERTIFICATE-----
MIIEmjCCA4KgAwIBAgICFNowDQYJKoZIhvcNAQELBQAwUjELMAkGA1UEBhMCTkwx


it's that part *before* the --BEGIN CERTIFICATE--  on which the 
asn1parse command chokes. You can feed it either a DER file or a PEM 
blob - but not a certificate file with the certificate info listed in it.

JJK



More information about the openssl-users mailing list