failed to parse key: ASN.1


Axel U

Nov 16, 2011, 8:20:21 PM
to golan...@googlegroups.com
generated a self signed cert:
openssl req -x509 -nodes -days 365 -subj '/C=US/ST=<state here>/CN=<domain here>' -newkey rsa:1024 -keyout key.pem -out cert.pem

running
err := http.ListenAndServeTLS(":10443", "cert.pem", "key.pem", nil)

as documented in package documentation

and getting error
crypto/tls: failed to parse key: ASN.1 structure error: tags don't match (2 vs {class:0 tag:16 length:13 isCompound:true}) {optional:false explicit:false application:false defaultValue:<nil> tag:<nil> stringType:0 set:false}  @5

I verified the cert, etc. and everything looks good.
Any suggestions?  Any special config needed when generating the cert/key with openssl?

Kyle Lemons

Nov 16, 2011, 9:57:04 PM
to golan...@googlegroups.com
I use a simple script to do it, since I need to do it somewhat frequently.  I scrubbed it and put it on gist: https://gist.github.com/1372236 - just fill in the <param>s and off you go.

Axel U

Nov 16, 2011, 10:11:16 PM
to golan...@googlegroups.com
On my machine there is OpenSSL 1.0.0e 6 Sep 2011.
Went to a different box that had OpenSSL 0.9.7d 17 Mar 2004.

I generated the self signed cert on the machine with OpenSSL 0.9.7 with the very same command, and that one works, the cert generated with OpenSSL 1.0.0e throws the above error.  I am good for now, but it should be looked into in the go package.

agl

Nov 17, 2011, 10:40:51 AM
to golang-nuts
On Nov 16, 10:11 pm, Axel U <ulrich.a...@gmail.com> wrote:
> On my machine there is OpenSSL 1.0.0e 6 Sep 2011.
> Went to a different box that had OpenSSL 0.9.7d 17 Mar 2004.

It looks like OpenSSL 1.x has switched and no longer generates RSA
structures by default, but rather generic PublicKey structures.

You can fix this with:

% openssl rsa -in key.pem -out rsakey.pem

But, yes, I'll change things so that we can parse both types of keys
in crypto/tls.


Cheers

AGL

agl

Nov 21, 2011, 3:00:42 PM
to golang-nuts
On Nov 17, 10:40 am, agl <a...@golang.org> wrote:
> But, yes, I'll change things so that we can parse both types of keys
> in crypto/tls.

Done in https://code.google.com/p/go/source/detail?r=4bec71996c9f00d1e1710e4094f6cbb712764dca


Cheers

AGL

fif...@gmail.com

Nov 13, 2018, 9:26:29 AM
to golang-nuts
golang 1.11.2 The problem is still

On Tuesday, November 22, 2011 at 4:00:42 AM UTC+8, agl wrote: