
OpenSSL unable to load certificates errors

matt.hursey
Level 1

I am trying to combine our CA issued .crt with our private.key in order to load it to our FTD VPN device. I've been using OpenSSL in expert mode on the FTD CLI to accomplish this. Is there anyone that is more familiar with openssl that has seen the following errors or knows how to interpret them?

root@VPN01:/ngfw/Volume/home/admin# openssl pkcs12 -export -out 4100vpn.pfx -inkey private.key -in 4100vpn.crt

unable to load certificates

140482854900800:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:

140482854900800:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_CINF

140482854900800:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=cert_info, Type=X509

140482854900800:error:0907400D:PEM routines:PEM_X509_INFO_read_bio:ASN1 lib:crypto/pem/pem_info.c:196:

root@VPN01:/ngfw/Volume/home/admin#

I have tried the openssl command on different devices with the same results.

Thanks

Matt

1 Accepted Solution


matt.hursey
Level 1

So, it seems that you shouldn't use the OpenSSL that is on the FTDs. I tried this on my Linux computer with the same results. I was able to get this to work with OpenSSL installed on my Windows computer, which seems counterintuitive.
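
An added diagnostic, not part of the original thread and not Cisco or OpenSSL code: the error lines in the question name cert_info (Type=X509_CINF), which is the first element inside a certificate's outer SEQUENCE, so this standard-library Python example decodes each PEM block in a file and reports which ASN.1 tags sit at those two positions before the file is handed to openssl pkcs12 -in. The function names and the sample byte strings are constructed for illustration, and the thread does not state what was actually wrong with the poster's file.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# Constructed samples (not from the thread): minimal DER skeletons in PEM armor.
PEM_FMT = b"-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n"
X509_LIKE = PEM_FMT % base64.b64encode(bytes.fromhex("30053003020102"))
P7_LIKE = PEM_FMT % base64.b64encode(bytes.fromhex("300b06092a864886f70d010702"))

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER TLV at pos."""
    tag, length = buf[pos], buf[pos + 1]   # IndexError if truncated
    pos += 2
    if length >= 0x80:                     # long form: low 7 bits = byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past end of data")
    return tag, pos, pos + length

def classify_der(der):
    """Classify DER by its outer tag and the tag at the cert_info position."""
    try:
        outer, start, _ = read_tlv(der, 0)
        if outer != 0x30:
            return "outer tag 0x%02x is not a SEQUENCE" % outer
        inner = read_tlv(der, start)[0]
    except (ValueError, IndexError) as exc:
        return "malformed DER (%s)" % exc
    if inner == 0x30:
        return "consistent with X.509"
    if inner == 0x06:
        return "starts with an OID (PKCS#7-style), not a bare certificate"
    return "tag 0x%02x where the cert_info SEQUENCE is expected" % inner

def inspect_cert_file(data):
    """Return one finding per PEM block, or one for the raw bytes."""
    blocks = PEM_RE.findall(data.decode("latin-1"))
    if not blocks:                         # no PEM armor: try the bytes as DER
        return ["no PEM block; raw bytes: " + classify_der(data)]
    findings = []
    for label, body in blocks:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
            verdict = classify_der(der)
        except ValueError:
            verdict = "body is not valid base64"
        findings.append(label + ": " + verdict)
    return findings
```

To check a real file, pass its bytes, for example inspect_cert_file(open("4100vpn.crt", "rb").read()). A "consistent with X.509" verdict only means the first two tags match; it does not validate the rest of the certificate.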
