Aug 13, 2015, 12:13 PM
191 Posts

Looks like some component of the certificate is bad

  • Category: Security
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator
  • Tags:
  • Replies: 4
Try running this OpenSSL command on the certificate:

OpenSSL> x509 -in c:\temp\keys\server.crt -text -noout -nameopt "esc_2253, esc_ctrl, esc_msb, utf8, dump_nostr, dump_der, use_quote, sep_comma_plus_space, space_eq, oid, dump_unknown"

This causes portions of the certificate to be displayed with the OID instead of the default short name. The error indicates there's a problem with one or more of them. I don't have one with unrecognized OIDs, so I don't know what dump_unknown will provide, but presumably it should identify the bad ones. Here's what a portion of good data looks like:

        Version: 1 (0x0)
        Serial Number:
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: = US, = Texas, = Round Rock, =
Acme, 1.2.840.113549.1.9.1 =
            Not Before: Aug 13 14:46:11 2015 GMT
            Not After : Aug 10 14:46:11 2025 GMT
        Subject: = US, = Texas, = Round Rock, =
 Acme, =, 1.2.840.113549.1.9.1 =

An OID reference can be found here: