AW: OpenVPNGui 2.4.7 fails: format error in certificate's notAfter field

Jan Just Keijser janjust at
Mon Mar 4 14:20:36 UTC 2019

Hi Matt,

On 04/03/19 14:24, Matt Caswell wrote:
> On 04/03/2019 13:16, Jan Just Keijser wrote:
>> On 04/03/19 10:21, Wolfgang Knauf wrote:
>>> Hi,
>>> the output is this:
>>> C:\Program Files\OpenVPN\bin>openssl.exe asn1parse -i -in
>>> ..\config\SSL_HUG1 at\
>>> Error: offset too large
>>> Would it be OK if I send the crt file to only your mail adress? I don't feel
>>> save by posting it to the mailing list ;-)?
>> I ran into the "offset too large" problem myself with my own certs as well. It
>> turns out the 'asn1parse' util only likes PEM blobs, i.e. the parts starting
> asn1parse will expect PEM by default but is perfectly capable of processing raw
> DER too. Just use the "-inform DER" option.
100% true but that is not what I was referring to; my certs usually look 
like this:

         Version: 3 (0x2)
         Serial Number: 5338 (0x14da)
         Signature Algorithm: sha256WithRSAEncryption

it's that part *before* the --BEGIN CERTIFICATE--  on which the 
asn1parse command chokes. You can feed it either a DER file or a PEM 
blob - but not a certificate file with the certificate info listed in it.


More information about the openssl-users mailing list