Otdfbt

When a candle burns, why does the top of wick glow if bottom of flame is hottest?

Crossing US/Canada Border for less than 24 hours

また usage in a dictionary

Can you use the Shield Master feat to shove someone before you make an attack by using a Readied action?

Is the Standard Deduction better than Itemized when both are the same amount?

If my PI received research grants from a company to be able to pay my postdoc salary, did I have a potential conflict interest too?

What does this Jacques Hadamard quote mean?

Can a new player join a group only when a new campaign starts?

Can anything be seen from the center of the Boötes void? How dark would it be?

Using audio cues to encourage good posture

How to convince students of the implication truth values?

Circuit to "zoom in" on mV fluctuations of a DC signal?

When was Kai Tak permanently closed to cargo service?

Dating a Former Employee

Is there a kind of relay only consumes power when switching?

Why are both D and D# fitting into my E minor key?

Can an alien society believe that their star system is the universe?

Would "destroying" Wurmcoil Engine prevent its tokens from being created?

How to react to hostile behavior from a senior developer?

Did MS DOS itself ever use blinking text?

8 Prisoners wearing hats

Withdrew £2800, but only £2000 shows as withdrawn on online banking; what are my obligations?

Why are the trig functions versine, haversine, exsecant, etc, rarely used in modern mathematics?

Significance of Cersei's obsession with elephants?

SSL Library Error: 218570875 error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

1

0

I am trying to install SSL certificate from a certificate authority into my httpd server in CentOS 5.x. When I configure it and start the server I am getting the following errors,

[error]Init: Unable to read server certificate from file /etc/pki/tls/certs/ssl_certificate.crt
[error] SSL Library Error: 218570875 error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long

I am following the procedure at http://wiki.centos.org/HowTos/Https to set up the ssl

Any pointers would be greatly helpful

centos ssl ssl-certificate httpd mod-ssl

share|improve this question

asked Mar 12 '12 at 6:27

AbhishekAbhishek

193238

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Could you please post the certificate file and the relevant config snippets? It seems that openssl doesn't like your certificate, but without more info, it's hard to say anything.
  
  – Lacek
  Mar 12 '12 at 8:24
  

  
  
  
  

add a comment | 

1

0

I am trying to install SSL certificate from a certificate authority into my httpd server in CentOS 5.x. When I configure it and start the server I am getting the following errors,

[error]Init: Unable to read server certificate from file /etc/pki/tls/certs/ssl_certificate.crt
[error] SSL Library Error: 218570875 error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long

I am following the procedure at http://wiki.centos.org/HowTos/Https to set up the ssl

Any pointers would be greatly helpful

centos ssl ssl-certificate httpd mod-ssl

share|improve this question

asked Mar 12 '12 at 6:27

AbhishekAbhishek

193238

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Could you please post the certificate file and the relevant config snippets? It seems that openssl doesn't like your certificate, but without more info, it's hard to say anything.
  
  – Lacek
  Mar 12 '12 at 8:24
  

  
  
  
  

add a comment | 

I am trying to install SSL certificate from a certificate authority into my httpd server in CentOS 5.x. When I configure it and start the server I am getting the following errors,

[error]Init: Unable to read server certificate from file /etc/pki/tls/certs/ssl_certificate.crt
[error] SSL Library Error: 218570875 error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long

I am following the procedure at http://wiki.centos.org/HowTos/Https to set up the ssl

Any pointers would be greatly helpful

centos ssl ssl-certificate httpd mod-ssl

share|improve this question

asked Mar 12 '12 at 6:27

AbhishekAbhishek

193238

[error]Init: Unable to read server certificate from file /etc/pki/tls/certs/ssl_certificate.crt
[error] SSL Library Error: 218570875 error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long

share|improve this question

asked Mar 12 '12 at 6:27

AbhishekAbhishek

193238

share|improve this question

asked Mar 12 '12 at 6:27

AbhishekAbhishek

193238

asked Mar 12 '12 at 6:27

AbhishekAbhishek

193238

asked Mar 12 '12 at 6:27

AbhishekAbhishek

193238

3 Answers
3

active

oldest

votes

2

The cert is probably faulty/corrupt. Can you regenerate from the authority?

For example, look at:

https://forum.startcom.org/viewtopic.php?f=15&t=2253

or

http://lists.kolab.org/pipermail/kolab-users/2005-February/001986.html

You can do some checks on the certificate using openssl:

openssl x509 -in /etc/pki/tls/certs/ssl_certificate.crt -text -noout

That should dump out the plain text of your certificate information. If it can't then there's something wrong with the certificate file.

share|improve this answer

answered Mar 12 '12 at 8:45

cjccjc

21.7k23557

add a comment | 

3

I ran across the same issue. Heres my story and solution:

I've been saving the cert as UTF-8 with BOM (Byte order Mark) So you can just open that file with vim and save it without BOM:

# vim cert.pem
:set nobomb
:wq

via: https://stackoverflow.com/a/300474

share|improve this answer

edited May 23 '17 at 12:41

Community♦

1

answered May 6 '13 at 9:00

user172554user172554

312

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thank you! I could see the error using a cat file.pem and appear some strange character at the beginning of the file something like : ----- BEGIN CERTIFICATE ----
  
  – Fernando Rosado
  Jun 27 '17 at 15:21
  
  

  
  
  
  

add a comment | 

-1

• open up key file in text editor


• convert from UTF --> ASCII


• Restart apache

share|improve this answer

edited Apr 12 at 19:45

Fahad Sadah

1,398921

answered Apr 12 at 6:53

ChrisChris

1

New contributor

Chris is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f368697%2fssl-library-error-218570875-error0d07207basn1-encoding-routinesasn1-get-obje%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

2

The cert is probably faulty/corrupt. Can you regenerate from the authority?

For example, look at:

https://forum.startcom.org/viewtopic.php?f=15&t=2253

or

http://lists.kolab.org/pipermail/kolab-users/2005-February/001986.html

You can do some checks on the certificate using openssl:

openssl x509 -in /etc/pki/tls/certs/ssl_certificate.crt -text -noout

That should dump out the plain text of your certificate information. If it can't then there's something wrong with the certificate file.

share|improve this answer

answered Mar 12 '12 at 8:45

cjccjc

21.7k23557

add a comment | 

2

The cert is probably faulty/corrupt. Can you regenerate from the authority?

For example, look at:

https://forum.startcom.org/viewtopic.php?f=15&t=2253

or

http://lists.kolab.org/pipermail/kolab-users/2005-February/001986.html

You can do some checks on the certificate using openssl:

openssl x509 -in /etc/pki/tls/certs/ssl_certificate.crt -text -noout

That should dump out the plain text of your certificate information. If it can't then there's something wrong with the certificate file.

share|improve this answer

answered Mar 12 '12 at 8:45

cjccjc

21.7k23557

add a comment | 

The cert is probably faulty/corrupt. Can you regenerate from the authority?

For example, look at:

https://forum.startcom.org/viewtopic.php?f=15&t=2253

or

http://lists.kolab.org/pipermail/kolab-users/2005-February/001986.html

You can do some checks on the certificate using openssl:

openssl x509 -in /etc/pki/tls/certs/ssl_certificate.crt -text -noout

That should dump out the plain text of your certificate information. If it can't then there's something wrong with the certificate file.

share|improve this answer

answered Mar 12 '12 at 8:45

cjccjc

21.7k23557

share|improve this answer

answered Mar 12 '12 at 8:45

cjccjc

21.7k23557

answered Mar 12 '12 at 8:45

cjccjc

21.7k23557

answered Mar 12 '12 at 8:45

cjccjc

21.7k23557

3

I ran across the same issue. Heres my story and solution:

I've been saving the cert as UTF-8 with BOM (Byte order Mark) So you can just open that file with vim and save it without BOM:

# vim cert.pem
:set nobomb
:wq

via: https://stackoverflow.com/a/300474

share|improve this answer

edited May 23 '17 at 12:41

Community♦

1

answered May 6 '13 at 9:00

user172554user172554

312

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thank you! I could see the error using a cat file.pem and appear some strange character at the beginning of the file something like : ----- BEGIN CERTIFICATE ----
  
  – Fernando Rosado
  Jun 27 '17 at 15:21
  
  

  
  
  
  

add a comment | 

3

I ran across the same issue. Heres my story and solution:

I've been saving the cert as UTF-8 with BOM (Byte order Mark) So you can just open that file with vim and save it without BOM:

# vim cert.pem
:set nobomb
:wq

via: https://stackoverflow.com/a/300474

share|improve this answer

edited May 23 '17 at 12:41

Community♦

1

answered May 6 '13 at 9:00

user172554user172554

312

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thank you! I could see the error using a cat file.pem and appear some strange character at the beginning of the file something like : ----- BEGIN CERTIFICATE ----
  
  – Fernando Rosado
  Jun 27 '17 at 15:21
  
  

  
  
  
  

add a comment | 

I ran across the same issue. Heres my story and solution:

I've been saving the cert as UTF-8 with BOM (Byte order Mark) So you can just open that file with vim and save it without BOM:

# vim cert.pem
:set nobomb
:wq

via: https://stackoverflow.com/a/300474

share|improve this answer

edited May 23 '17 at 12:41

Community♦

1

answered May 6 '13 at 9:00

user172554user172554

312

# vim cert.pem
:set nobomb
:wq

share|improve this answer

edited May 23 '17 at 12:41

Community♦

1

answered May 6 '13 at 9:00

user172554user172554

312

edited May 23 '17 at 12:41

Community♦

1

edited May 23 '17 at 12:41

Community♦

1

answered May 6 '13 at 9:00

user172554user172554

312

answered May 6 '13 at 9:00

user172554user172554

312

-1

• open up key file in text editor


• convert from UTF --> ASCII


• Restart apache

share|improve this answer

edited Apr 12 at 19:45

Fahad Sadah

1,398921

answered Apr 12 at 6:53

ChrisChris

1

New contributor

Chris is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

-1

• open up key file in text editor


• convert from UTF --> ASCII


• Restart apache

share|improve this answer

edited Apr 12 at 19:45

Fahad Sadah

1,398921

answered Apr 12 at 6:53

ChrisChris

1

New contributor

Chris is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

• open up key file in text editor


• convert from UTF --> ASCII


• Restart apache

share|improve this answer

edited Apr 12 at 19:45

Fahad Sadah

1,398921

answered Apr 12 at 6:53

ChrisChris

1

New contributor

Chris is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this answer

edited Apr 12 at 19:45

Fahad Sadah

1,398921

answered Apr 12 at 6:53

ChrisChris

1

New contributor

Chris is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

edited Apr 12 at 19:45

Fahad Sadah

1,398921

edited Apr 12 at 19:45

Fahad Sadah

1,398921

answered Apr 12 at 6:53

ChrisChris

1

New contributor

Chris is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered Apr 12 at 6:53

ChrisChris

1