我拥有服务器CA证书,客户端证书和客户端密钥文件。尝试以以下格式创建PEM文件。
# client certificate
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXMVTXXXXXXXXXXXXBKueuqI6lfYygoKOhJJoXXXXXXXXXXXXXXXXXX
...
XXXXXXXXXXXXXXXXXXXXXXXXhZSZg=
-----END CERTIFICATE-----
# Private key
-----BEGIN PRIVATE KEY-----
XXXXXXXXXXXMVTXXXXXXXXXXXXBKueuqI6lfYygoKOhJJoXXXXXXXXXXXXXXXXXX
...
XXXXXXXXXXXXXXXXXXhZSZg2Cg6zn
-----END PRIVATE KEY-----
# Server CA certificate
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXMVTXXXXXXXXXXXXBKueuqI6lfYygoKOhJJoXXXXXXXXXXXXXXXXXX
...
XXXXXXXXXXXMVTXXXXXXXXXXXXBKueuqI6lfYygoKOhJJoXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXhZSZgxxxxxxx4gv/5blW3Dc=
-----END CERTIFICATE-----
在创建PEM文件之前,当我尝试使用openssl验证证书和密钥时,出现以下错误。
openssl x509 -in clientCert.crt -text
unable to load certificate
4559283820:error:09FFF06C:PEM routines:CRYPTO_internal:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/crypto/pem/pem_lib.c:683:Expecting: TRUSTED CERTIFICATE
openssl pkey -in keyfile.key -pubout -outform pem
unable to load key
4684559980:error:09FFF064:PEM routines:CRYPTO_internal:bad base64 decode:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/crypto/pem/pem_lib.c:800:
密钥和证书来自受信方。那么有什么主意我在这里做错了吗?