FORUM PLAN UPDATE
Date revision: This forum will remain open to new posts and responses until December 1, 2018. (After that date, you will still be able to view and search the forum.) Also, we're taking a second look at the best place to host future conversation. For now, keep using this forum, and stay tuned for more news.


Aug 13, 2015, 12:13 PM
191 Posts

Looks like some component of the certificate is bad

  • Category: Security
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator
  • Tags:
  • Replies: 4
Try running this OpenSSL command on the certificate:

OpenSSL> x509 -in c:\temp\keys\server.crt -text -noout -nameopt "esc_2253, esc_ctrl, esc_msb, utf8, dump_nostr, dump_der, use_quote, sep_comma_plus_space, space_eq, oid, dump_unknown"

This causes portions of the certificate to be displayed with the OID instead of the default short name. The error indicates there's a problem with one or more of them. I don't have one with unrecognized OIDs, so I don't know what dump_unknown will provide, but presumably it should identify the bad ones. Here's what a portion of good data looks like:

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            ff:31:b2:d0:c2:e1:02:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: 2.5.4.6 = US, 2.5.4.8 = Texas, 2.5.4.7 = Round Rock, 2.5.4.10 =
Acme, 1.2.840.113549.1.9.1 = nobody@acme.com
        Validity
            Not Before: Aug 13 14:46:11 2015 GMT
            Not After : Aug 10 14:46:11 2025 GMT
        Subject: 2.5.4.6 = US, 2.5.4.8 = Texas, 2.5.4.7 = Round Rock, 2.5.4.10 =
 Acme, 2.5.4.3 = server.acme.com, 1.2.840.113549.1.9.1 = nobody@acme.com

An OID reference can be found here: https://technet.microsoft.com/en-us/library/cc772812%28WS.10%29.aspx.

FORUM PLAN UPDATE
Date revision: This forum will remain open to new posts and responses until December 1, 2018. (After that date, you will still be able to view and search the forum.) Also, we're taking a second look at the best place to host future conversation. For now, keep using this forum, and stay tuned for more news.