Ruby OpenSSL nested asn1 error

2019-02-20 20:09发布

I have tried the advice on several of the questions posted here, but to no avail. I have the following files: (NOTE, I generated these on the fly and they are throwaway keys)

cert file:

-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIJAMLMeL/HH75vMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD
VQQGEwJVUzENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkx
HjAcBgNVBAoTFU5pY2hvbGFzIFRlcnJ5IGRvdGNvbTEUMBIGA1UECxMLZGV2ZWxv
cG1lbnQxFjAUBgNVBAMTDW5pY2hvbGFzdGVycnkxKTAnBgkqhkiG9w0BCQEWGm5p
Y2hvbGFzQG5pY2hvbGFzdGVycnkuY29tMB4XDTE0MTIyNTA3MTkxNFoXDTE1MTIy
NTA3MTkxNFowga4xCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQH
Ew5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMVTmljaG9sYXMgVGVycnkgZG90Y29t
MRQwEgYDVQQLEwtkZXZlbG9wbWVudDEWMBQGA1UEAxMNbmljaG9sYXN0ZXJyeTEp
MCcGCSqGSIb3DQEJARYabmljaG9sYXNAbmljaG9sYXN0ZXJyeS5jb20wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRA4sMOx8cn59h8xvE1EcwudGYgGID
WixEEz+8UczLzoIovbZI//iExrwfM7edYRU/HyIufx+dvHj5bRABt5pOwgEiolDA
XtIttxpsCX23gLg/40TQY2JXRv10JgxEQ3680ypghfAEXisOiIQGrT0W+k6WpIRo
/+z4zh/UPqUmvV3ZnzG97jsFiQ0Nu8IKlByLWzoef+2MqG0GO95do3gCcBhAF3tm
v+buNVi8DgJnYTnKKD5S1+KYRSkNNioRs3zE+/W0vCA0/kLiFjSjMq3bSuGJbHmt
N/8+lodfZYh1HB6DRZoyfTynNDRHyKpPGqTvfp8U/E91kkpxusVSQFbrAgMBAAGj
ggEXMIIBEzAdBgNVHQ4EFgQUPAm5VdPIPbdedLtCEmpivYi8xfkwgeMGA1UdIwSB
2zCB2IAUPAm5VdPIPbdedLtCEmpivYi8xfmhgbSkgbEwga4xCzAJBgNVBAYTAlVT
MQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwGA1UE
ChMVTmljaG9sYXMgVGVycnkgZG90Y29tMRQwEgYDVQQLEwtkZXZlbG9wbWVudDEW
MBQGA1UEAxMNbmljaG9sYXN0ZXJyeTEpMCcGCSqGSIb3DQEJARYabmljaG9sYXNA
bmljaG9sYXN0ZXJyeS5jb22CCQDCzHi/xx++bzAMBgNVHRMEBTADAQH/MA0GCSqG
SIb3DQEBBQUAA4IBAQBIGsrZaWDwW2UWzTT2tbMEPOFVVZFZiWNazJLXFrXO1deW
1Ggaa2+h3tE+dMincQp7KPDeEOZ4VeXjrwZ1UfmJm5qOWhwJ2HnSBHay22tKO24Y
1qDF/ygMqW3yyr10MWZJaxQeUn+cgpclesS8IiTUVF61pYpjI8DrETa8Hwd8QJkC
YaB3qXOVWdbvJX3DTkYPDEqLkC0qzqibe8fWd0JFF5lDMAeCS5EgW+lu6M++dQve
u5L6Y1Xh8SvRB8SnZdy30OKNf0RrWPgNq9donv8nWgEJEYl9A/XRhWvl6ZWpQLEK
6GbCprqUIFgnWBhp0fteIMcgXZUe/oGBQ3/Yovd+
-----END CERTIFICATE-----

private key:

-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA0QOLDDsfHJ+fYfMbxNRHMLnRmIBiA1osRBM/vFHMy86CKL22
SP/4hMa8HzO3nWEVPx8iLn8fnbx4+W0QAbeaTsIBIqJQwF7SLbcabAl9t4C4P+NE
0GNiV0b9dCYMREN+vNMqYIXwBF4rDoiEBq09FvpOlqSEaP/s+M4f1D6lJr1d2Z8x
ve47BYkNDbvCCpQci1s6Hn/tjKhtBjveXaN4AnAYQBd7Zr/m7jVYvA4CZ2E5yig+
UtfimEUpDTYqEbN8xPv1tLwgNP5C4hY0ozKt20rhiWx5rTf/PpaHX2WIdRweg0Wa
Mn08pzQ0R8iqTxqk736fFPxPdZJKcbrFUkBW6wIDAQABAoIBAEFpWHTFc+EjW1/u
EzywKm9nV97gHsxpxfywAXxQJUWLJVTWultyMDZtc6ZYKxiHr3yHo8zlX+GfgESf
Cyleal5HfM93+MmbYy+HZC93cO6izAbCe2C0GayyvNNCrQgYD2vMsjBu+kSDq/nq
Y1crlDjCsSGX7xBlN6ZN68wiptDOVa1aBL+H3kzHtarURVdKY1MXrscR760/o8Nh
qA/9GA1PoHQ7ApNG8oLVPS9SU4JU3PfURCQTk8otYZ4GrScpSeYp9ISi/UODlF1M
IY+B9Bfrf2Eftv8zP+eF1UbTeBmMq0boy+afZsugMqjN/FpUpxUALlRX96az+VY9
fDSuUPECgYEA9Vv8E4HBbnzPrzA6jyYNcSnkfzTcNxuYaIqTrxWSLi018u1kRa9Z
zLyKFNZRg3+RTWKAqDLKkC/oZZARlPcpx8uzV1T+zrffrnf2aK1LDHUHEmsMj7PY
2DIhghO90BPGuWPpbHjmpr51hHH6+n/LcLN0EHQ2T9wh5HZY75qup9cCgYEA2hQL
sE0+Bp2rFP2CMfl5SAhhtmjrTGg76mItMmGj/3ycZ6CxRw/5nSepau7nbCZXSK+i
Pp/EutuUNcD9ZmyP7z7In2PdWP8X8OSjd9abUn3cRPz8IjSOkbuUMKYWnweUl5Qw
IgygFDYYGjEclOuUlbIzzhp9zeOJAwY0vsxulw0CgYAeaEnzOO95++nZMkbvmq2r
yp9QzIJGKhtXSWVIG4pEQsIe2yDEKhkc8HjEYFM10sd1KbH8Jl9IQ0ev3ozvQzpg
UnRlbFkv0UXdX2ygSGm2n4JC3BVwcb97+6p/bmbltK26KBGzqcAcBhqWUXHjPZc+
3l6R83UPrJ5eq/QVrbvbfQKBgBwvNwuEEB4exnuh/++hhHEw1CAVE0P+vK+gHKNE
R0O/wR8Lf53ljKco9xZg5fvuQJ2eRWO+llhoBJGl7ZoNMdUD0j33VCYqYde6VP4p
+E0DAzLPV268SCjBi3d2H7pR6nxkpIviAdZa32aTLlR41e066MMcXWH8pDqF1M9L
8IcJAoGBAMgoNz/y5LOclcfTLsj/1eYYDDCyB0a2rDsykcYSxeUOibRSicIQnE09
VW3NHZS56gsz4LFCK0Jxq9w76u/ZnhU5FCHs0+BwzyDYnyUnZQre38hcbEcMbEoe
Scmh3qRTfoS74qJzxx/rfhqRnLQal/FR4qf8V559gmB8idZmgMwK
-----END RSA PRIVATE KEY-----

The md5s match for these and when I run the following command:

openssl pkcs12 -export -out azure2.pfx -inkey azure2.key -in azure2.crt

I get a binary encoded pkcs12 file back.

However, when i try to do an http post, i get the following error:

Uncaught exception: nested asn1 error

Any ideas?

EDIT:

I tried the following:

p12 = OpenSSL::PKCS12.new(File.read("azure2.pfx"))
p p12.certificate
p p12.ca_certs

and i get valid output.... So what gives?

1条回答
Melony?
2楼-- · 2019-02-20 20:22

So, once again, I answered my own question. I was trying to read a DER-form pkcs12. I had to convert it to PEM format.

查看更多
登录 后发表回答