Home / server / Questions / 368697
Accepted
Abhishek
Asked: 2012-03-12 22:27:37 +0800 CST

SSL Library Error: 218570875 error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long

  • 772

I am trying to install SSL certificate from a certificate authority into my httpd server in CentOS 5.x. When I configure it and start the server I am getting the following errors,

[error]Init: Unable to read server certificate from file /etc/pki/tls/certs/ssl_certificate.crt
[error] SSL Library Error: 218570875 error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long

I am following the procedure at http://wiki.centos.org/HowTos/Https to set up the ssl

Any pointers would be greatly helpful

centos ssl httpd mod-ssl ssl-certificate

4 Answers

  1. I ran across the same issue. Heres my story and solution:

    I've been saving the cert as UTF-8 with BOM (Byte order Mark) So you can just open that file with vim and save it without BOM:

    # vim cert.pem
:set nobomb
:wq

    via: https://stackoverflow.com/a/300474

    • 8
  2. Best Answer

    The cert is probably faulty/corrupt. Can you regenerate from the authority?

    For example, look at:

    https://forum.startcom.org/viewtopic.php?f=15&t=2253

    or

    http://lists.kolab.org/pipermail/kolab-users/2005-February/001986.html

    You can do some checks on the certificate using openssl:

    openssl x509 -in /etc/pki/tls/certs/ssl_certificate.crt -text -noout

    That should dump out the plain text of your certificate information. If it can't then there's something wrong with the certificate file.

    • 2

  3. A common reason I've seen this happen is that the file generated by the certificate authority has DOS line endings. openssl on Linux does not like that and will throw this error. Run dos2unix on the key file to fix this.

    • 0
    • open up key file in text editor
    • convert from UTF --> ASCII
    • Restart apache
    • -1