Troubleshooting
Problem
You are trying to install certificates using cli 'store certificate gim console' (or similar for sniffer) and you get a response similar to:
[]
unable to load certificate
139873696147272:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:
wrong tag:tasn_dec.c:1345:
139873696147272:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:
nested asn1 error:tasn_dec.c:393:Type=X509_CINF
139873696147272:error:0D08303A:asn1 encoding routines:
ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:777:
Field=cert_info, Type=X509
139873696147272:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:
pem_oth.c:83:
Can not get the certificate.
err
[
]
Symptom
You can read/view the certificate in Windows Certificate Tool.
You cannot view the certificate using the Open SSL command:
openssl x509 -in sniffcertnew1 -text -noout
You get the same error as when you tried to import it.
Cause
The certificate is corrupt and not in the PEM format that Guardium requires.
Resolving The Problem
1. Convert the certificate using this command:
openssl pkcs7 -print_certs -in <originalCertificate> -out <newCertificate>
2. Use the <newCertificate>
text for import with CLI.
Note: Now you can view the certificate with the -text -noout command.
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21990375