问题
I am trying to do a simple
OpenSSL::X509::Certificate.new(File.read("testuser.p12"))
from irb with ruby 1.8.7 (or 1.9.2), same result for both. The error I get back is OpenSSL::X509::CertificateError: nested asn1 error
Is this a ruby issue, or does this suggest the cert itself is malformed? I've found some similar reports revolving around an amazon cert demonstrating such errors, which turned out to be the cert itself. It works in the browser though. Suggestions on how to resolve this?
回答1:
"testuser.p12" seems to be a PKCS#12 file according to the postfix. Reading PKCS#12 format as X.509 certificate format causes ASN.1 decoding error.
You should do OpenSSL::PKCS12.new(File.read("testuser.p12")) instead. If the file is protected with passphrase (it's normal), give the passphrase as the second parameter for PKCS12.new like OpenSSL::PKCS12.new(File.read("testuser.p12"), "pass")
You can extract certificate and CA certificates by PKCS12#certificate and PKCS12#ca_certs methods.
p12 = OpenSSL::PKCS12.new(File.read("testuser.p12"), "pass")
p p12.certificate
p p12.ca_certs
来源:https://stackoverflow.com/questions/8720981/ruby-error-reading-in-certificate-file-with-openssl