If openssl (e.g. x509 or s_client) thinks a DER encoded x509 self-signed certificate is

Question

0

Asked: June 5, 20262026-06-05T09:03:33+00:00 2026-06-05T09:03:33+00:00

If openssl (e.g. x509 or s_client) thinks a DER encoded x509 self-signed certificate is

0

If openssl (e.g. x509 or s_client) thinks a DER encoded x509 self-signed certificate is well formed, can I definitively say that the certificate is well formed? For instance, openssl is able to load the certificate but a widely used closed source framework does not.

Thanks.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-05T09:03:36+00:00

Editorial Team

2026-06-05T09:03:36+00:00Added an answer on June 5, 2026 at 9:03 am

In general, yes, if OpenSSL can load it, than most likely there are no inherent problems with the format. However, some libraries and applications don’t handle ASN.1 (DER) tags with undefined length. This is the most likely case with your certificate.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

If openssl (e.g. x509 or s_client) thinks a DER encoded x509 self-signed certificate is

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply