Aug 13, 2015 12:13 PM

Looks like some component of the certificate is bad

  • Category: Security
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator
  • Replies: 4
Try running this OpenSSL command on the certificate:

OpenSSL> x509 -in c:\temp\keys\server.crt -text -noout -nameopt "esc_2253, esc_ctrl, esc_msb, utf8, dump_nostr, dump_der, use_quote, sep_comma_plus_space, space_eq, oid, dump_unknown"

This causes portions of the certificate to be displayed with the OID instead of the default short name. The error indicates there's a problem with one or more of them. I don't have one with unrecognized OIDs, so I don't know what dump_unknown will provide, but presumably it should identify the bad ones. Here's what a portion of good data looks like:

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            ff:31:b2:d0:c2:e1:02:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: 2.5.4.6 = US, 2.5.4.8 = Texas, 2.5.4.7 = Round Rock, 2.5.4.10 = Acme, 1.2.840.113549.1.9.1 = nobody@acme.com
        Validity
            Not Before: Aug 13 14:46:11 2015 GMT
            Not After : Aug 10 14:46:11 2025 GMT
        Subject: 2.5.4.6 = US, 2.5.4.8 = Texas, 2.5.4.7 = Round Rock, 2.5.4.10 = Acme, 2.5.4.3 = server.acme.com, 1.2.840.113549.1.9.1 = nobody@acme.com

An OID reference can be found here: https://technet.microsoft.com/en-us/library/cc772812%28WS.10%29.aspx.
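
Added example, not part of the original post: a small Python check that reads an Issuer or Subject line in the format the command above prints and lists the attributes worth a closer look. It assumes, per the OpenSSL documentation for the dump_* name options, that dumped values appear in the RFC 2253 #hex form; the KNOWN_OIDS table, the function names and the CONSTRUCTED input are illustrative assumptions.

```python
import re

# Local table of common DN attribute OIDs (constructed for this example, not exhaustive).
KNOWN_OIDS = {
    "2.5.4.3": "commonName", "2.5.4.6": "countryName",
    "2.5.4.7": "localityName", "2.5.4.8": "stateOrProvinceName",
    "2.5.4.10": "organizationName", "2.5.4.11": "organizationalUnitName",
    "1.2.840.113549.1.9.1": "emailAddress",
}

# One attribute: dotted OID, " = ", then a quoted value, a #hex dump, or
# plain text in which a backslash escapes the next character.
ATTR = re.compile(
    r'(?P<oid>\d+(?:\.\d+)+) = '
    r'(?P<val>"(?:[^"\\]|\\.)*"|#[0-9A-Fa-f]+|(?:[^,+\\]|\\.)*?)'
    r'(?=, | \+ |$)'
)

def parse_dn(dn):
    """Split a DN printed with oid, space_eq and sep_comma_plus_space into (oid, value) pairs."""
    dn, pos, attrs = dn.strip(), 0, []
    while pos < len(dn):
        m = ATTR.match(dn, pos)
        if not m:
            raise ValueError(f"cannot parse DN at offset {pos}: {dn[pos:pos + 20]!r}")
        attrs.append((m["oid"], m["val"]))
        pos = m.end()
        pos += 2 if dn.startswith(", ", pos) else 3 if dn.startswith(" + ", pos) else 0
    return attrs

def review_dn(dn):
    """Return (oid, reason) for each attribute worth a closer look."""
    findings = []
    for oid, val in parse_dn(dn):
        if oid not in KNOWN_OIDS:
            findings.append((oid, "OID not in local table"))
        if val.startswith("#"):
            findings.append((oid, "value printed as hex dump"))
    return findings

# Subject line from the post above, with the console line wrap joined.
POST_SUBJECT = ("2.5.4.6 = US, 2.5.4.8 = Texas, 2.5.4.7 = Round Rock, 2.5.4.10 = Acme, "
                "2.5.4.3 = server.acme.com, 1.2.840.113549.1.9.1 = nobody@acme.com")
# Constructed input: a private-arc OID with a dumped value, plus a quoted value.
CONSTRUCTED = '2.5.4.10 = "Acme, Inc.", 1.3.6.1.4.1.99999.1 = #0C0474657374'

if __name__ == "__main__":
    for label, dn in (("post", POST_SUBJECT), ("constructed", CONSTRUCTED)):
        print(label, review_dn(dn) or "no findings")
```

An OID missing from the local table is only a prompt to look it up in the OID reference; it does not by itself mean the certificate is bad.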