7

I am trying to install an SSL certificate from a certificate authority into my httpd server on CentOS 5.x. When I configure it and start the server, I get the following errors:

[error]Init: Unable to read server certificate from file /etc/pki/tls/certs/ssl_certificate.crt
[error] SSL Library Error: 218570875 error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long

I am following the procedure at http://wiki.centos.org/HowTos/Https to set up SSL.

Any pointers would be greatly helpful.

Abhishek
  • 1
    Could you please post the certificate file and the relevant config snippets? It seems that openssl doesn't like your certificate, but without more info, it's hard to say anything. – Lacek Mar 12 '12 at 08:24

4 Answers

9

I ran across the same issue. Here's my story and solution:

I've been saving the cert as UTF-8 with BOM (Byte Order Mark). So you can just open that file with vim and save it without BOM:

# vim cert.pem
:set nobomb
:wq

via: https://stackoverflow.com/a/300474

user172554
  • Thank you! I could see the error using `cat file.pem`: some strange character appeared at the beginning of the file, something like: `----- BEGIN CERTIFICATE ----` – F.Rosado Jun 27 '17 at 15:21
  • 5+ years later, this was the solution to my problem. Using Editpad Pro on Windows and UTF-8, BOM must be the default. I switched to using Windows 1252 encoding with LF only, and the error disappeared. – Capricorn1 Oct 17 '22 at 17:32
2

The cert is probably faulty/corrupt. Can you regenerate from the authority?

For example, look at:

https://forum.startcom.org/viewtopic.php?f=15&t=2253

or

http://lists.kolab.org/pipermail/kolab-users/2005-February/001986.html

You can do some checks on the certificate using openssl:

openssl x509 -in /etc/pki/tls/certs/ssl_certificate.crt -text -noout

That should dump out the plain text of your certificate information. If it can't then there's something wrong with the certificate file.

cjc
0

A common reason I've seen this happen is that the file generated by the certificate authority has DOS line endings. openssl on Linux does not like that and will throw this error. Run dos2unix on the key file to fix this.

clemep
-1
  • open up key file in text editor
  • convert from UTF --> ASCII
  • Restart apache
Fahad Sadah
Chris
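
The UTF-8 BOM answer and the DOS line endings answer above both come down to stray bytes in the PEM file. The following is an added example, not code from any of the posters, that checks a file for both and writes a cleaned copy; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect and strip a UTF-8 BOM and DOS line endings
# from a PEM file. Function names are hypothetical, not from the page.

# Print "bom", "crlf", "bom+crlf" or "clean" for the file given as $1.
pem_encoding_issue() {
    # First three bytes as hex; a UTF-8 BOM is EF BB BF.
    first3=$(head -c 3 "$1" | od -An -tx1 | tr -d ' \n')
    cr=$(printf '\r')
    issue=""
    if [ "$first3" = "efbbbf" ]; then
        issue="bom"
    fi
    # Any carriage return means DOS (CRLF) line endings.
    if grep -q "$cr" "$1"; then
        issue="${issue:+$issue+}crlf"
    fi
    echo "${issue:-clean}"
}

# Write a copy of $1 to $2 with the BOM and carriage returns removed.
# The original file is left untouched.
pem_normalize() {
    if [ "$(head -c 3 "$1" | od -An -tx1 | tr -d ' \n')" = "efbbbf" ]; then
        tail -c +4 "$1"     # skip the three BOM bytes
    else
        cat "$1"
    fi | tr -d '\r' > "$2"
}

# Constructed sample: placeholder base64 body (not a real certificate),
# saved the way a Windows editor might: UTF-8 BOM plus CRLF line endings.
demo=$(mktemp)
fixed=$(mktemp)
printf '\357\273\277-----BEGIN CERTIFICATE-----\r\nQ09OU1RSVUNURUQ=\r\n-----END CERTIFICATE-----\r\n' > "$demo"

echo "before: $(pem_encoding_issue "$demo")"
pem_normalize "$demo" "$fixed"
echo "after:  $(pem_encoding_issue "$fixed")"
rm -f "$demo" "$fixed"
```

After normalizing a real certificate, the `openssl x509 -in <file> -text -noout` check from the answer above confirms whether the cleaned copy parses.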