Open henryaddison opened 2 years ago
I've just started having problems with using the onlineca-get-cert-wget.sh. It seems to create an invalid pem file.
OS: Ubuntu 20.04.3 via WSL2 on Windows 10
NB: supply your own ${CEDA_USERNAME}
${CEDA_USERNAME}
./onlineca-get-cert-wget.sh -U https://slcs.ceda.ac.uk/onlineca/certificate/ -c ~/trustroots -l ${CEDA_USERNAME} -o $PWD/creds.pem
creates a file which looks like:
-----BEGIN CERTIFICATE-----...data...-----END CERTIFICATE----- -----BEGIN PRIVATE KEY-----...data...-----END PRIVATE KEY----------BEGIN CERTIFICATE-----...data...-----END CERTIFICATE-----
which is invalid according to my openssl (version 1.1.1n):
$ openssl x509 -in creds.pem -noout -text unable to load certificate 139622549169344:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
Looks like a problem with newlines around the BEGIN and END statements as adding them in by hand so the pem file looks like the following fixes the problem:
-----BEGIN CERTIFICATE----- ...data... -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- ...data... -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- ...data... -----END CERTIFICATE-----
Unforunately my awk and sed are not good enough to suggest a fix to the script.
As a work-around I am using sed to alter the file:
sed 's/KEY-----/&\n/g' creds.pem | sed 's/BEGIN CERTIFICATE-----/&\n/g' | sed 's/-----END/\n&/g'
I've just started having problems with using the onlineca-get-cert-wget.sh. It seems to create an invalid pem file.
OS: Ubuntu 20.04.3 via WSL2 on Windows 10
Example
NB: supply your own
${CEDA_USERNAME}
./onlineca-get-cert-wget.sh -U https://slcs.ceda.ac.uk/onlineca/certificate/ -c ~/trustroots -l ${CEDA_USERNAME} -o $PWD/creds.pem
creates a file which looks like:
which is invalid according to my openssl (version 1.1.1n):
Looks like a problem with newlines around the BEGIN and END statements as adding them in by hand so the pem file looks like the following fixes the problem:
Unforunately my awk and sed are not good enough to suggest a fix to the script.