RE: [squid-users] Problems with SSL Cert on squid 2.5STABLE1

From: Peter Robinson <peterr@dont-contact.us>
Date: Wed, 22 Jan 2003 14:17:06 +0800

> > When I run the following command I get the following.
> >
> > [root@www squid]# openssl x509 -noout -text -in intranet.crt
> > unable to load certificate
> > 23088:error:0D0A2007:asn1 encoding routines:d2i_X509_CINF:expecting
> > an asn1
> > sequence:x_cinf.c:106:address=135765866 offset=0
> > 23088:error:0D09F004:asn1 encoding routines:d2i_X509:nested asn1
> > error:x_x509.c:103:address=135765864 offset=2
> > 23088:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1
> > lib:pem_lib.c:290:
>
> Well, your openssl error suggests that the cert is not in PEM format.
> Also, it seems likely that it has nothing to do with Squid...
>
> However I found a couple of interesting articles, it seems
> that verisign
> may send the cert in a pkcs7 wrapper. I haven't bought a verisign cert
> before, so I don't have any first hand experience, however you may be
> able to do this to get the PEM formatted cert out of the wrapper:
>
> openssl pkcs7 -in intranet.crt -print_certs

Thanks for that, this appears to be the problem. Its now working although it
doesn't appear to have a common name for the authority and comes up and
states that it doesn't know who the authority is. Blah Blah, browser is
Mozilla 1.3a

Peter
Received on Tue Jan 21 2003 - 23:11:37 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:46 MST