cedadev / online_ca_client


onlineca-get-cert-wget.sh creates an invalid pem file #14

Open henryaddison opened 2 years ago

henryaddison commented 2 years ago

I've just started having problems with using the onlineca-get-cert-wget.sh. It seems to create an invalid pem file.

OS: Ubuntu 20.04.3 via WSL2 on Windows 10

Example

NB: supply your own ${CEDA_USERNAME}

./onlineca-get-cert-wget.sh -U https://slcs.ceda.ac.uk/onlineca/certificate/ -c ~/trustroots -l ${CEDA_USERNAME} -o $PWD/creds.pem

creates a file which looks like:

-----BEGIN CERTIFICATE-----...data...-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----...data...-----END PRIVATE KEY----------BEGIN CERTIFICATE-----...data...-----END CERTIFICATE-----

which is invalid according to my openssl (version 1.1.1n):

$ openssl x509 -in creds.pem -noout -text
unable to load certificate
139622549169344:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE

Looks like a problem with newlines around the BEGIN and END statements as adding them in by hand so the pem file looks like the following fixes the problem:

-----BEGIN CERTIFICATE-----
...data...
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
...data...
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...data...
-----END CERTIFICATE-----

Unfortunately my awk and sed are not good enough to suggest a fix to the script.

henryaddison commented 2 years ago

As a work-around I am using sed to alter the file:

sed 's/KEY-----/&\n/g' creds.pem | sed 's/BEGIN CERTIFICATE-----/&\n/g' | sed 's/-----END/\n&/g'
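The file shape reported above (armour lines run together with the base64 body and with the next block) can be repaired more robustly than with newline-inserting sed: locate each `-----BEGIN X-----` / `-----END X-----` pair, decode the body, and re-emit it in standard PEM layout. The Python below is an added example, not part of the online_ca_client project or the reporter's workaround; the certificate and key bytes it feeds in are constructed dummy DER structures (a SEQUENCE wrapping an INTEGER or OCTET STRING), so the only validation it performs is a base64 check plus a check that each body starts with a DER SEQUENCE tag. The `normalize_pem` and `split_pem_blocks` names are this example's own.

```python
import base64
import re
import textwrap

# One PEM block, matched even when the armour lines share a line with the
# base64 body or with the neighbouring block's armour (the layout this issue
# reports). The label is captured so the END line must match the BEGIN line.
_PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----",
    re.DOTALL,
)


def split_pem_blocks(blob):
    """Return [(label, der_bytes)] for every PEM block in blob.

    Whitespace inside the body is ignored, so mangled and well-formed input
    decode to the same bytes. Raises ValueError if nothing decodes.
    """
    blocks = []
    for m in _PEM_RE.finditer(blob):
        label = m.group(1)
        body = re.sub(r"\s+", "", m.group(2))
        der = base64.b64decode(body, validate=True)
        # Certificates and PKCS#8 keys are both DER SEQUENCEs (tag 0x30);
        # anything else means the body is not what the armour claims.
        if not der or der[0] != 0x30:
            raise ValueError(f"{label}: body does not decode to a DER SEQUENCE")
        blocks.append((label, der))
    if not blocks:
        raise ValueError("no PEM blocks found")
    return blocks


def normalize_pem(blob):
    """Re-emit every block in canonical layout: armour lines on their own
    lines, base64 wrapped at 64 columns, trailing newline."""
    out = []
    for label, der in split_pem_blocks(blob):
        b64 = base64.b64encode(der).decode("ascii")
        out.append(f"-----BEGIN {label}-----")
        out.extend(textwrap.wrap(b64, 64))
        out.append(f"-----END {label}-----")
    return "\n".join(out) + "\n"


# Constructed sample data (not real credentials): minimal DER SEQUENCEs.
_CERT_DER = b"\x30\x03\x02\x01\x05"                                # SEQUENCE { INTEGER 5 }
_KEY_DER = b"\x30\x81\x80" + b"\x04\x7e" + bytes(range(126))       # SEQUENCE { OCTET STRING }
_CA_DER = b"\x30\x03\x02\x01\x07"                                  # SEQUENCE { INTEGER 7 }

_b64 = lambda d: base64.b64encode(d).decode("ascii")

# Reproduces the two-line shape from the report: body glued to the armour,
# and "-----END PRIVATE KEY-----" glued to "-----BEGIN CERTIFICATE-----".
MANGLED_BLOB = (
    f"-----BEGIN CERTIFICATE-----{_b64(_CERT_DER)}-----END CERTIFICATE-----\n"
    f"-----BEGIN PRIVATE KEY-----{_b64(_KEY_DER)}-----END PRIVATE KEY-----"
    f"-----BEGIN CERTIFICATE-----{_b64(_CA_DER)}-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print(normalize_pem(MANGLED_BLOB))
```

Running the script prints the three blocks in the layout shown in the hand-fixed file above; writing that output back to creds.pem and re-running `openssl x509 -in creds.pem -noout -text` is the check that the repair worked on real data, since this example only verifies the outer DER tag.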