Regarding SSL cert generation

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Regarding SSL cert generation

ajithmamachan83
This post was updated on .
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

RE: Regarding SSL cert generation

Dave Thompson-5
>From: [hidden email] On Behalf Of Ajith Mamachan
>Sent: Tuesday, 18 June, 2013 03:03

>When I generated the cert thru openssl, It not starting with BEGIN
CERTIFICATE,
>rather with
>Certificate:
>    Data:
<snip>
>This  creates problem in importing the cert to my server.
>Anyone knows , whether the format is different or not?Anyone please explain

If you used openssl (commandline) 'ca' it puts a human-readable
display first as a "comment" and then the actual PEM certificate.
'x509' can be made to do this also. openssl when reading PEM files
ignores such "comments" but other implementations don't.

You can just edit the file to delete everything except the
----BEGIN line to the -----END line (inclusive). That's the
actual cert. If you want the program to do this for you,
just run it through 'x509' without making any change:
  openssl x509 -in cert_with_comments -out cert_without_comments
Or you can easily do it with sed or awk on Unix (or on Windows
if you have Unix-like tools installed).

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Regarding SSL cert generation

Stefan H. Holek
In reply to this post by ajithmamachan83
On 18.06.2013, at 09:03, Ajith Mamachan wrote:

When I generated the cert thru openssl, It not starting with BEGIN CERTIFICATE,
rather with

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4 (0x4)
    Signature Algorithm: sha1WithRSAEncryption

This  creates problem in importing the cert to my server.

You can pass the -notext option to the openssl ca command to avoid this output.