Error 336445449 (140DC009):SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Error 336445449 (140DC009):SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib

Nadav Golombick
I am having a problem with the SSL_use_certificate_chain_file function
after calling bad file, then trying to call the same function using a
good file.
The scenarion is as follows:
First I try and use a bad file and get the error that there is no start line.
I free the SSL_CTX object, create a new one and try and call the
function again, this time with a good file. That's when this error
appears.
If I try and call the good file for a second time, it succeeds.

My question is how do I call the good file the first time round?

--
Nadav Golombick
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Error 336445449 (140DC009):SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib

Ambarish Mitra

This is possibly because of freeing the SSL CTX object. The CTX holds
several information about the environment, ciphers and freeing it and then
creating it may not initialize the CTX correctly.


-----Original Message-----
From: [hidden email]
[mailto:[hidden email]]On Behalf Of Nadav Golombick
Sent: Thursday, October 27, 2005 12:55 PM
To: [hidden email]
Subject: Error 336445449 (140DC009):SSL
routines:SSL_CTX_use_certificate_chain_file:PEM lib


I am having a problem with the SSL_use_certificate_chain_file function
after calling bad file, then trying to call the same function using a
good file.
The scenarion is as follows:
First I try and use a bad file and get the error that there is no start
line.
I free the SSL_CTX object, create a new one and try and call the
function again, this time with a good file. That's when this error
appears.
If I try and call the good file for a second time, it succeeds.

My question is how do I call the good file the first time round?

--
Nadav Golombick
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

A problem with pfx to p12 conversion

dave haug


I have encountered a problem in converting from pfx to p12 format.

Using OpenSSL 9.7, I was able to convert the certificate to PEM format

  openssl pkcs12 -in foo.pfx -out foo.pem

Foo.pem is created but it is a format I did not recognize and sketched
below. I attempted to create the P12 using

  openssl pkcs12 -in foo.pem -out foo.p12 -name 'server.mydomain.com'

   2340:error:0E0680A8:asn1 encoding routines: ASN1_CHECK_TLEN: wrong tag:
.\crypto\asn1\tasn-dec:946:
   2340:error:0D07803A:asn1 encoding routines: ASN1_ITEM_EX_D2I nested asn1
error: .\crypto\asn1\ tasn_dec.c:304:TYPE=PKCS12

Does anyone have ideas on how I can proceed?

Thanks,

Dave Haug



Bag Attributes
        1.2.6.1.4.1.31.17.2:<No Values>
      ...
      Microsoft CSP Name:...
Key Attributes
      X509v3 Key Usage: 10
----- BEGIN RSA PRIVATE KEY ----
ProcType:4, Encrypted
DEK-Info: DES-EDE3-CBC,...

... encoded ....

----- END RSA PRIVATE KEY -----
Busy Attributes

Subject=...
Issuer=....
----- BEGIN CERTIFCATE -----
.....
----- END CERTIFICATE -----

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: A problem with pfx to p12 conversion

Dr. Stephen Henson
On Thu, Oct 27, 2005, dave haug wrote:

>
>
> I have encountered a problem in converting from pfx to p12 format.
>

PKCS#12 and PFX are the same format, no conversion is necessary unless you
want to change part of the file.

>
> Foo.pem is created but it is a format I did not recognize and sketched
> below. I attempted to create the P12 using
>
>   openssl pkcs12 -in foo.pem -out foo.p12 -name 'server.mydomain.com'
>

You need the -export option too.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: A problem with pfx to p12 conversion

dave haug
Dr. Steve,

  Thanks. I received the pfx file but the java keytool program for java
1.4.2_08 would not permit me to place it in jks keystore since it claimed
that there was no private key in the file. By converting it to P12 format,
we have been able to import it into our keystore. I completely overlooked
the -export option. Your help was terrific.... many thanks.

 
Kind Regards,
 
Dave Haug

Potomac Fusion Inc.
571.261.5920 (Office)
571.334.8279 (Cell)


-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Dr. Stephen Henson
Sent: Thursday, October 27, 2005 7:17 AM
To: [hidden email]
Subject: Re: A problem with pfx to p12 conversion

On Thu, Oct 27, 2005, dave haug wrote:

>
>
> I have encountered a problem in converting from pfx to p12 format.
>

PKCS#12 and PFX are the same format, no conversion is necessary unless you
want to change part of the file.

>
> Foo.pem is created but it is a format I did not recognize and sketched
> below. I attempted to create the P12 using
>
>   openssl pkcs12 -in foo.pem -out foo.p12 -name 'server.mydomain.com'
>

You need the -export option too.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Error 336445449 (140DC009):SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib

Nadav Golombick
In reply to this post by Ambarish Mitra
I am performing the same free and new command every time. It does not
make sense to me that the object can only read the certificate the
second time I run free and new.
Is there another possible explanation?

On 10/27/05, Ambarish Mitra <[hidden email]> wrote:

>
> This is possibly because of freeing the SSL CTX object. The CTX holds
> several information about the environment, ciphers and freeing it and then
> creating it may not initialize the CTX correctly.
>
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]]On Behalf Of Nadav Golombick
> Sent: Thursday, October 27, 2005 12:55 PM
> To: [hidden email]
> Subject: Error 336445449 (140DC009):SSL
> routines:SSL_CTX_use_certificate_chain_file:PEM lib
>
>
> I am having a problem with the SSL_use_certificate_chain_file function
> after calling bad file, then trying to call the same function using a
> good file.
> The scenarion is as follows:
> First I try and use a bad file and get the error that there is no start
> line.
> I free the SSL_CTX object, create a new one and try and call the
> function again, this time with a good file. That's when this error
> appears.
> If I try and call the good file for a second time, it succeeds.
>
> My question is how do I call the good file the first time round?
>
> --
> Nadav Golombick
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>


--
Nadav Golombick
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]