"ASN1_CHECK_TLEN:wrong tag" when importing a PEM certificate
I'm having an issue importing a certificate into the F5.
When I import the certificate, I get this error message: "Import Failed: Open SSL error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag"
The certificate file began with:
---BEGIN CERTIFICATE---------------------
Proc-Type: 4, ENCRYPTED
DEK-Info: DES-EDE3-CBC,F488....
(And here the certificate code)
-----------END CERTFICATE------
Do I need to do something with OpenSSL before importing the file?
How can I import it?
Thanks in advance for your help.
- tarma_58716Nimbostratus
Finally I used openssl to transform the SSL certificate from PEM to DER and it worked fine.
- Allanwynn_16283Nimbostratus
Hi, how did you convert it to DER? Can you send me a sample?
- natheCirrocumulus
Here's an example:
openssl x509 -inform PEM -outform DER -in server.pem -out server.der
- Allanwynn_16283Nimbostratus
Thank you sir, but I am really not familiar with that. What I have is a .cer file and a .crt file, but my issue is the same as what you had in this post.
I am really a newbie with this type of subject, certificates, :D
- lkchenNimbostratus
Interesting...I got this error today, while trying to update device certificate on our vCMP (standalone) hosts.
I started to do the conversion to DER, when I took another look and noticed that my files have .key before .cer (PEM)...due to how the files got named.
fully.qualified.name_server.key fully_qualified_name_server.cer
Trying again, paying careful attention to which went into which section... and this time the PEM version worked without this error. 🙂
Still trying to figure out what I should do about the vCMP pairs.
LKC
In my case, the error was due to the string format of the PEM file. Converting directly from array to string without line breaks does not work, so those had to be added.
Using powershell I managed to solve it like this:
Function Import-KeyToF5 {
    Param($F5, $KeyPEM, [string]$KeyName)
    $ManagementModetype = New-Object iControl.ManagementKeyCertificateManagementModeType
    $SecurityType = New-Object iControl.ManagementKeyCertificateSecurityType
    $F5.ManagementKeyCertificate.key_import_from_pem_v2($ManagementModetype, @($KeyName), @($KeyPem), $SecurityType, @(""), $true)
}

# Convert the PEM key from an array of strings to a string with line breaks
$TempPem = $KeyPEM -join "`n"
Import-KeyToF5 -F5 $f5 -KeyPEM ([string]$TempPem) -KeyName "star.test.test.key"
Hope it helps someone!
/Patrik
- ThomasK_293447Nimbostratus
This error is due to an invalid certificate format.
Additional or trailing spaces
Installing a certificate format other than X.509
Solution
To resolve this issue:
Download the X.509 version of the certificate from the RapidSSL portal.
Make sure the file has no trailing or leading spaces within the certificate file.
We solved the issue while trying to add SSL to ginstr business apps platform.
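A pre-import check covering the causes reported in this thread (missing line breaks, stray whitespace, a key pasted where a certificate belongs, encrypted or malformed armor), as an added example that is not part of any post above. The `lint_pem` function, the sample strings and the 5-byte stand-in DER body are constructed for illustration.

```python
import base64
import re

# PEM armor line: exactly five dashes on each side of the label.
ARMOR = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")

def lint_pem(text, expect="CERTIFICATE"):
    """Return a list of problems likely to break a PEM import (empty = looks fine)."""
    problems = []
    raw = text.splitlines()
    if any(line != line.strip() for line in raw):
        problems.append("leading or trailing whitespace on a line")
    lines = [line.strip() for line in raw if line.strip()]
    if len(lines) < 3:
        return problems + ["no line breaks between armor lines and base64 body"]
    begin, end = ARMOR.match(lines[0]), ARMOR.match(lines[-1])
    if not begin or begin.group(1) != "BEGIN":
        return problems + ["malformed BEGIN line: %r" % lines[0]]
    if not end or end.group(1) != "END" or end.group(2) != begin.group(2):
        problems.append("malformed or mismatched END line: %r" % lines[-1])
    if begin.group(2) != expect:
        problems.append("block is %r, expected %r" % (begin.group(2), expect))
    body = lines[1:-1]
    if any(line.startswith(("Proc-Type:", "DEK-Info:")) for line in body):
        # These headers mean the body is encrypted, so it cannot be
        # parsed as DER until it has been decrypted.
        return problems + ["encrypted PEM body (Proc-Type/DEK-Info headers)"]
    try:
        der = base64.b64decode("".join(body), validate=True)
    except ValueError:
        return problems + ["body is not valid base64"]
    if not der.startswith(b"\x30"):
        problems.append("decoded data does not start with an ASN.1 SEQUENCE (0x30)")
    return problems

# Constructed sample data: a 5-byte DER SEQUENCE stands in for a real certificate.
B64 = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
GOOD = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % B64
SAMPLES = {
    "good": GOOD,
    "joined without line breaks": GOOD.replace("\n", ""),
    "trailing space": GOOD.replace(B64, B64 + " "),
    "key in certificate field": GOOD.replace("CERTIFICATE", "RSA PRIVATE KEY"),
    "armor as pasted in the first post": "---BEGIN CERTIFICATE---------------------\n"
        "Proc-Type: 4, ENCRYPTED\n%s\n-----------END CERTFICATE------\n" % B64,
}

if __name__ == "__main__":
    for name, pem in SAMPLES.items():
        print("%-34s %s" % (name, lint_pem(pem) or "OK"))
```

This checks the container only; a file that passes can still be parsed with `openssl x509 -in server.pem -noout -text` to validate the certificate itself.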