-
-
Save jnahorny/9ccbb186c9f7c20c9f3e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# create a certificate with openssl command line tool | |
$ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem | |
# Pry session | |
[1] pry(main)> require 'openssl' | |
=> true | |
[2] pry(main)> RUBY_VERSION | |
=> "2.3.0" | |
[3] pry(main)> OpenSSL::OPENSSL_VERSION | |
=> "OpenSSL 1.0.2d 9 Jul 2015" | |
[4] pry(main)> cert_pem_str=File.read("mycert.pem") | |
=> "-----BEGIN PRIVATE KEY-----\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALYwA4a/vvxkTP98\nieu6KB1bbfQ4LPWVg9U4jijNhBR5fEWGK5eh7R0SBhmHBLQF73XSq5agFFkVnOI+\n+8EXMmfMLmFrGSDXalOWQYNs11l989mob4ForPZQ7mCtmzF/lwz14zyLuMIYRZLf\nFGx70KSkb7V8Lwc26synN1P0tiKHAgMBAAECgYBaTNQCntlnucMcQrsNlpg5bM7D\n5HAMTU4pib2UZcDYcRpyTz0eDAk9hmh1kKF5JRP6PzADGVbcjMTUsskPfJLjX43Q\nxmoZW7tJfsfkthLqMXsXuj1qMOo677j8Z8+1V2iGz7iDrpmWvBCkbN+6zyAPOkcR\nDYxpOloCtlTj3XhJQQJBANnTM497J7z0pr6XiGobXN3p2gVq7FHT+F8FziOoFk+S\nBIIzR8cEy7fbh1SCkuOSSvsdblXTvdU8RMkPVDA4FaECQQDWHezQVRlMe8Py+gQ7\nVMA6xfO1zBx9qxYHoRcfkAA3vHp3DMqqu5i0ipsPFpnOgW5Qojh8ehx2I5powWTq\n/XcnAkBMpB4pJsj1mBMvTjvmMZh8UDKw400hAXcLYAyGyTaIarUBZq+jm9Fd8HTu\nTD8IqUmOj21p72WEqH7/S1Bw4trhAkEAxo8TuBLilhnEGgQefoLWjOpbWgDBfwx0\nLnkFv4BDo2xGyTX0j6XOM8bBiplz4pwGmAIHje+Tiz7zBygpFP4eSwJBAMXvwqSK\n20L2/LSQmYrBmYbYyYIEgUssJkBBwzwzbwdvLqWbRtS3a+lI/iE5TIQDqrUQDZDn\nZ33GEOqNh+Z1/Ps=\n-----END PRIVATE KEY-----\n-----BEGIN CERTIFICATE-----\nMIICWDCCAcGgAwIBAgIJALD8WZ17qxjZMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwMzAzMTUwNDM2WhcNMTcwMzAzMTUwNDM2WjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\ngQC2MAOGv778ZEz/fInruigdW230OCz1lYPVOI4ozYQUeXxFhiuXoe0dEgYZhwS0\nBe910quWoBRZFZziPvvBFzJnzC5haxkg12pTlkGDbNdZffPZqG+BaKz2UO5grZsx\nf5cM9eM8i7jCGEWS3xRse9CkpG+1fC8HNurMpzdT9LYihwIDAQABo1AwTjAdBgNV\nHQ4EFgQUPVtWb3LwBSK8RvPnC0RO1pLIxaowHwYDVR0jBBgwFoAUPVtWb3LwBSK8\nRvPnC0RO1pLIxaowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQBfmdEp\n42rFLI+daX0Xo+lvE5fdQ4MOmFwMdTxH8gTrTm8cXLx7E15/pA2C2d3Zp7gn4ClP\nSEzFLUnED6txVysqCLsT3OOPaRnWhZL3uAJST8xTdlQkbASB9wWkdYwsjIAlwxbU\n58zecwLCcmJ2PS240WcC7fP8aI9HeuT1P39XnA==\n-----END CERTIFICATE-----\n" | |
[5] pry(main)> OpenSSL::X509::Certificate.new(cert_pem_str) | |
=> #<OpenSSL::X509::Certificate | |
subject=#<OpenSSL::X509::Name O=Internet Widgits Pty Ltd,ST=Some-State,C=AU>, | |
issuer=#<OpenSSL::X509::Name O=Internet Widgits Pty Ltd,ST=Some-State,C=AU>, | |
serial=#<OpenSSL::BN 12753166777725950169>, | |
not_before=2016-03-03 15:04:36 UTC, | |
not_after=2017-03-03 15:04:36 UTC> | |
[6] pry(main)> cert_pem_obj = OpenSSL::X509::Certificate.new(cert_pem_str) | |
=> #<OpenSSL::X509::Certificate | |
subject=#<OpenSSL::X509::Name O=Internet Widgits Pty Ltd,ST=Some-State,C=AU>, | |
issuer=#<OpenSSL::X509::Name O=Internet Widgits Pty Ltd,ST=Some-State,C=AU>, | |
serial=#<OpenSSL::BN 12753166777725950169>, | |
not_before=2016-03-03 15:04:36 UTC, | |
not_after=2017-03-03 15:04:36 UTC> | |
[7] pry(main)> cert_p7b_obj = OpenSSL::PKCS7.new() | |
=> #<OpenSSL::PKCS7:0x007febb09595b8> | |
[8] pry(main)> cert_p7b_obj.type = :signed | |
=> :signed | |
[9] pry(main)> cert_p7b_obj.add_certificate(cert_pem_obj) | |
=> #<OpenSSL::PKCS7:0x007febb09595b8> | |
[10] pry(main)> OpenSSL::PKCS7.new(cert_p7b_obj.to_s) | |
ArgumentError: Could not parse the PKCS7: nested asn1 error | |
from (pry):10:in `initialize' | |
- also checked with the latest ruby head version (2.4.0) and got the same error | |
# checking with openssl command line tool | |
- first, write the PKCS7 certificate to file from the Pry session: | |
[11] pry(main)> File.open("mycert-from_pem_ruby.pb7", 'w+') {|file| file.write(cert_p7b_obj)} | |
- check with openssl tool: | |
$ openssl pkcs7 -in mycert-from_pem_ruby.pb7 -noout -text -print_certs | |
unable to load PKCS7 object | |
140735278825552:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:283: | |
140735278825552:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:694:Field=type, Type=PKCS7 | |
140735278825552:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:694:Field=contents, Type=PKCS7_SIGNED | |
140735278825552:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:694: | |
140735278825552:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 error:tasn_dec.c:557:Field=d.sign, Type=PKCS7 | |
140735278825552:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83: | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment