openssl x509:No filename or uri specified for loading certificate - ios

openssl x509 -inform DER -noout -subject <certificate
Error:
No filename or uri specified for loading certificate
Unable to load certificate

I found that it was the OpenSSL version that caused this; I used the alpha version (OpenSSL 3.0.0-alpha7-dev).
Changing to a stable version of OpenSSL solved my problem.

Related

How to convert .cer file to .pem file

I exported a .cer file from Keychain and tried to convert it to a .pem file using the command below, but the resulting .pem file is missing
-----BEGIN PRIVATE KEY-----
Can anyone please give another way to do that?
The command is:
openssl pkcs7 -text -in certfile.cer -print_certs -outform PEM -out certfile.pem
If anyone wants to use the commands recommended for creating a pem file,
here is the solution from my gist.
openssl x509 -in aps_development.cer -inform der -out PushChatCert.pem
openssl pkcs12 -nocerts -in PushChatKey.p12 -out PushChatKey.pem
cat PushChatCert.pem PushChatKey.pem > ck.pem
The first 3 commands will generate the pem, but if you want to test it then the 4th and 5th commands will be necessary.
If you get an error about an unknown command 'telnet', then install telnet from brew.
Also, I had the same issue when I converted a .p12 file into a .pem file:
when I opened that .pem file, -----BEGIN PRIVATE KEY----- was missing.
So after searching I found this solution; use it to convert .p12 to .pem:
openssl x509 -inform der -in certificate.cer -out certificate.pem
Look no further. This is all that it takes.

Get serial number from a certificate using Ruby

Is there a way to know a certificate serial number with Ruby? I know I can get it by using:
openssl x509 -inform DER -in file.cer -noout -serial >"serial.txt"
You can run shell commands directly in Ruby and get their output into a variable. I assume you will have to do something along the lines of:
serial = `openssl x509 -inform DER -in file.cer -noout -serial`
Here is a more detailed answer: Calling shell commands from Ruby
There is the OpenSSL module in the standard library, which includes the class OpenSSL::X509::Certificate, with the method #serial.

Certificate signing request, certificate and private key MD5 matching

I'm using a custom library for CSR generation in iOS. For some reason, the certificate does not match my keys.
MD5 for private key:
openssl rsa -noout -modulus -in private19_ios.key | openssl md5
(stdin)= 94e252d4246b96a0f15149d68e1c9868
MD5 for csr generated by custom library:
openssl req -noout -modulus -in CSR19_ios.csr | openssl md5
(stdin)= 94e252d4246b96a0f15149d68e1c9868
MD5 for cert:
openssl x509 -noout -modulus -in cert19_1_ios.pem | openssl md5
(stdin)= 7539a7817ce7843f2d7bbe89835bdc4d
As you can see, the MD5s of the moduli match for the private key and CSR, but not for the certificate.
Then I used openssl to generate a CSR. The MD5 of that CSR is the following:
openssl req -noout -modulus -in CSR19_openssl.csr | openssl md5
(stdin)= 94e252d4246b96a0f15149d68e1c9868
Using this CSR I got a certificate that matches my key's MD5:
openssl x509 -noout -modulus -in cert19_1_openssl.pem | openssl md5
(stdin)= 94e252d4246b96a0f15149d68e1c9868
My question is, where do you think the error might be? Is the problem in the CSR even though the MD5 of the modulus matches in both the custom-library-generated CSR and the openssl-generated CSR?

Error In Push Notification on Distribution

I implemented push notifications after creating the ck.pem file on the development end. But when I create it on the distribution end and check whether the ck.pem file is correct, I get the error shown below:
pksinghs-Mac-mini:SchoolPush pksingh$ php /Users/pksingh/Desktop/SchoolPush/simplepush.php
Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown in /Users/pksingh/Desktop/SchoolPush/simplepush.php on line 21
Warning: stream_socket_client(): Failed to enable crypto in /Users/pksingh/Desktop/SchoolPush/simplepush.php on line 21
Warning: stream_socket_client(): unable to connect to ssl://gateway.push.apple.com:2195 (Unknown error) in /Users/pksingh/Desktop/SchoolPush/simplepush.php on line 21
Failed to connect: 0
pksinghs-Mac-mini:SchoolPush pksingh$
I have the ck.pem file and pushnofication.php in the same folder on the desktop.
Can anybody help me?
Find the tutorial on how to create the certificate and implement notifications at the link below:
https://www.raywenderlich.com/123862/push-notifications-tutorial
You can use the commands below to create the certificate.
So there is something wrong in creating the distribution certificate.
Use the commands below to create the certificate:
openssl x509 -in aps_production.cer -inform der -out PushChatCert.pem
openssl pkcs12 -nocerts -out PushChatKey.pem -in Certificates_dist.p12
cat PushChatCert.pem PushChatKey.pem > ck_dist.pem
openssl s_client -connect gateway.push.apple.com:2195 -cert PushChatCert.pem -key PushChatKey.pem
where
aps_production.cer = downloaded from developer apple
Certificates_dist.p12 = Exported from your keychain after installing aps_production.cer

Verify return code: 20 (unable to get local issuer certificate) while creating push notification PEM file

I am creating a PEM file for Production APNS, and I have done this several times before.
But I am facing an error in the terminal while testing my PEM file with the command below:
$ openssl s_client -connect gateway.push.apple.com:2195 \
    -cert myCert.pem -key myKey.pem
It gives me :
Verify return code: 20 (unable to get local issuer certificate)
as response.
I have tried so many times but did not identify the problem.
Maybe it is because my distribution certificates were created on a different Mac.
But I am not sure.
Any help or suggestion will be helpful.
The developer link asks to include -CAfile server-ca-cert.pem, which doesn't work either.
All other options of indicating the CAfile gave me errors like 'unable to load certificate'.
The below actually worked for me after trying other options.
openssl s_client -connect gateway.push.apple.com:2195 \
    -cert myCert.pem -key myKey.pem -CAfile entrust_2048_ca.cer
This solution gives 'Verify return code: 0 (ok)'.
On an additional note: You can also specify the .key file as the -key value & it will work too i.e. something like, ref here
openssl s_client -connect gateway.push.apple.com:2195 -cert myCert.pem -key myprivatekey.key -CAfile entrust_2048_ca.cer
You need to give a CA certificate as CAfile commandline argument to s_client. The trusted root certificate for the push servers is the Entrust CA (2048) root certificate which you can download from Entrust's site.
$ openssl s_client -connect gateway.push.apple.com:2195 \
    -cert myCert.pem -key myKey.pem -CAfile entrust_2048_ca.cer
For more information and other possible reasons, please, check Apple developer guide Troubleshooting Push Notifications.
