I have .p12 file from Apple and tried to convert it to .pem file with following command:
openssl pkcs12 -in cert.p12 -out apple_push_notification_development.pem -nodes -clcerts
When trying the create new OpenSSL::X509::Certificate object with
OpenSSL::X509::Certificate.new(File.read('apple_push_notification_development.pem'))
I get the following error:
OpenSSL::X509::CertificateError: nested asn1 error
from (irb):9:in `initialize'
from (irb):9:in `new'
...
Did I do something wrong ? Being stuck, please help.
Thanks
Appreciate it's not your exact same scenario, but I was attempting to read in a PEM file (PKCS7) in my instance. OpenSSL CLI would decode it fine, but ruby kept throwing the same nested asn1 error that you describe when I tried to load it into an object.
In my case it needed a new line i.e. '\n' at the end of the PEM file for it to accept it.
I worked it out only when I created an empty object and compared the generated PEM output to the file I was trying to load.
So with a X509 cert maybe try:
cert = OpenSSL::X509::Certificate.new
cert.to_pem
=> "-----BEGIN CERTIFICATE-----\nMCUwGwIAMAMGAQAwADAEHwAfADAAMAgwAwYBAAMBADADBgEAAwEA\n-----END CERTIFICATE-----\n"
And compare it to your PEM file
As you can see it's terminated with a new line and that was missing in the file that I was trying to import.
I've had the same problem and im my case I needed to decode file content with Base64.
require 'openssl'
require 'base64'
encoded_content = File.read('apple_push_notification_development.pem')
decoded_content = Base64.decode64(encoded_content)
certificate = OpenSSL::X509::Certificate.new(decoded_content)
This also may happen when you forget to sign newly generated certificate. I wanted to use self-signed certificate but forgot signing part.
# Create key
key = OpenSSL::PKey::RSA.new(2048)
open("key.pem", "w") do |io| io.write(key.to_pem) end
# Generate certificate
name = OpenSSL::X509::Name.parse("CN=example.com/C=EE")
cert = OpenSSL::X509::Certificate.new
cert.version = 2
cert.serial = 0
cert.not_before = Time.now
cert.not_after = cert.not_before + 1 * 365 * 24 * 60 * 60 # 1 year validity
cert.public_key = key.public_key
cert.subject = name
and this part of code is what I missed:
cert.issuer = name
cert.sign key, OpenSSL::Digest::SHA1.new
open "cert.pem", 'w' do |io| io.write cert.to_pem end
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 闹够了就滚 的文章《Getting OpenSSL::X509::CertificateError nested asn》','https://www.manongdao.com/article-177028.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}