Node keeps giving me this error when I try to read my self-signed SSL certificate

_tls_common.js:67
  c.context.setCert(options.cert);
            ^

Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
    at Error (native)
    at Object.createSecureContext (_tls_common.js:67:17)
    at Object.TLSSocket._init.ssl.onclienthello.ssl.oncertcb.exports.connect (_tls_wrap.js:1017:46)
    at Socket.<anonymous> (/usr/blinkchannelserver/bundle/programs/server/npm/node_modules/pg/lib/connection.js:106:23)
    at Socket.g (events.js:260:16)
    at emitOne (events.js:77:13)
    at Socket.emit (events.js:169:7)
    at readableAddChunk (_stream_readable.js:153:18)
    at Socket.Readable.push (_stream_readable.js:111:10)
    at TCP.onread (net.js:540:20)

What format is this supposed to be in?

On my server, I created a client key and csr by running

openssl req -new -key ~/.postgresql/postgresql.key -out /tmp/postgresql.csr

I used my server key to turn the csr into a certificate using my server's certificate and key

openssl x509 -req -in /tmp/postgresql.csr -CA server.cert -CAkey server.key -out /tmp/postgresql.cert -CAcreateserial

When I try to load postgresql.cert I get the error above

Running x509:

openssl x509 -inform PEM -in postgresql.cert

gives me a reasonable output:

-----BEGIN CERTIFICATE-----
MIIDHDCCAgQCCQC8AZE7dSSPZDANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJH
QjEPMA0GA1UEBwwGTG9uZG9uMR4wHAYDVQQKDBVEb3VnbGFzLVdoaXRlICYgR29z
...
-----END CERTIFICATE-----

  • If your CN is ***`CN=www.example.com`***, then it is probably wrong. Hostnames always go in the *SAN*. If it's present in the *CN*, then it must be present in the *SAN* too (you have to list it twice in this case). For more rules and reasons, see [How do you sign Certificate Signing Request with your Certification Authority](http://stackoverflow.com/a/21340898/608639) and [How to create a self-signed certificate with openssl?](http://stackoverflow.com/q/10175812/608639) You will also need to place the self-signed certificate in the appropriate trust store. – jww May 26 '17 at 12:35

1 Answer

This usually happens when the file is encoded with non-Unix line endings. You can open the file and it will show some weird character at the end of the line, like '^M' for instance.

Once the file is converted to a Unix format, OpenSSL will be able to deal with it. Try running some 'sed' commands (depends on the encoding) or a specialised tool like 'dos2unix'

sed 's/^M$//' infile.txt > outfile.txt

sed 's/\r$//' infile.txt > outfile.txt
Sergiu Marsavela
  • PEM is standardized in [RFC 1421, Privacy Enhancement for Internet Electronic Mail](https://tools.ietf.org/html/rfc1421). The standard calls out CR-LF End-of-Line in Section 4.3.1 (p.10): *"Text lines, delimited by the character pair `<CR><LF>`, must be no more than 1000 characters long"*. Two other RFCs around that time, SMTP and FTP, used the same End-of-Line. If Node.js cannot handle the newline pair, then it is probably a bug in Node.js. – jww May 30 '17 at 06:57
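
A small Node.js check for the conditions raised in this thread (carriage returns in the file, a missing `-----BEGIN` line, or a different PEM object such as the CSR passed where the certificate is expected), extended to two related cases (a byte-order mark or UTF-16 text, and binary DER input). This is an added example, not code from the question or the answer; `diagnosePem`, `normalizePem` and the sample bytes are constructed for illustration, and the findings describe the file without asserting which of them a given OpenSSL build rejects.

```javascript
// Added example: names and sample bytes are constructed for illustration.
const BOM = '\u00ef\u00bb\u00bf'; // UTF-8 BOM bytes as seen through a latin1 decode

// Report conditions that can keep a PEM reader from finding the expected
// "-----BEGIN <label>-----" line at the start of a line.
function diagnosePem(buf, expectedLabel = 'CERTIFICATE') {
  if (buf.length === 0) return ['empty'];
  const b0 = buf[0], b1 = buf[1];
  if ((b0 === 0xff && b1 === 0xfe) || (b0 === 0xfe && b1 === 0xff)) return ['utf16'];
  if (b0 === 0x30) return ['der-not-pem']; // ASN.1 SEQUENCE tag: binary DER, not PEM text
  const findings = [];
  let text = buf.toString('latin1');
  if (text.startsWith(BOM)) { findings.push('utf8-bom'); text = text.slice(3); }
  if (text.includes('\r')) findings.push('cr-line-endings');
  const m = /^-----BEGIN ([A-Z0-9 ]+)-----[ \t\r]*$/m.exec(text);
  if (!m) findings.push('no-begin-line');
  else if (m[1] !== expectedLabel) findings.push('wrong-label:' + m[1]);
  else if (!text.includes('-----END ' + expectedLabel + '-----')) findings.push('no-end-line');
  return findings;
}

// Same effect as dos2unix plus BOM removal: LF-only text ending in one newline.
function normalizePem(buf) {
  let text = buf.toString('latin1');
  if (text.startsWith(BOM)) text = text.slice(3);
  return text.replace(/\r\n?/g, '\n').trim() + '\n';
}

// Constructed samples (the base64 body is a placeholder, not a real certificate).
const body = 'Q09OU1RSVUNURUQ=';
const samples = {
  crlfCert: Buffer.from(`-----BEGIN CERTIFICATE-----\r\n${body}\r\n-----END CERTIFICATE-----\r\n`),
  csrAsCert: Buffer.from(`-----BEGIN CERTIFICATE REQUEST-----\n${body}\n-----END CERTIFICATE REQUEST-----\n`),
  derCert: Buffer.from([0x30, 0x82, 0x03, 0x1c]),
};
for (const [name, buf] of Object.entries(samples)) {
  console.log(name, diagnosePem(buf));
}
console.log('after normalizePem:', diagnosePem(Buffer.from(normalizePem(samples.crlfCert), 'latin1')));
```

To check a real file, pass the `Buffer` returned by `fs.readFileSync(path)` to `diagnosePem` before handing it to the `cert` option.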