Unable to get certificate info: openssl_x509_parse() failed: error:0906D064:PEM routines:PEM_read_bio:bad base64 decode

Created:

2016-11-16 13:06:51 UTC

Modified:

2017-04-24 11:31:00 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Unable to get certificate info: openssl_x509_parse() failed: error:0906D064:PEM routines:PEM_read_bio:bad base64 decode

Applicable to:

  • Plesk for Linux

Symptoms

When opening SSL certificate properties in Plesk, one of the alike error messages arises:

Unable to get certificate info: openssl_x509_parse() failed: error:0906D064:PEM routines:PEM_read_bio:bad base64 decode

or

Unable to get certificate info: openssl_x509_parse() failed: error:0D07209B:asn1 encoding routines:ASN1_get_object:too longerror:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object headererror:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 errorerror:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib

Cause

Certificate entry is incorrectly inserted into Plesk database.

Resolution

  1. Find the certificate file for a corresponding certificate, and check whether it could be validated with 'openssl' (certificate ID could be fetched from the URL which is being opened when accessing the certificate properties, as on screen shot):

    certificates

    mysql> select csr,cert_file,ca_cert,ca_file from certificates where id=1;
    +-----+-------------+---------+---------+
    | csr | cert_file | ca_cert | ca_file |
    +-----+-------------+---------+---------+
    | | certjl8Aqyv | | |
    +-----+-------------+---------+---------+
    1 row in set (0.00 sec)
  2. Check the corresponding SSL file with 'openssl' tool:

    openssl x509 -in /usr/local/psa/var/certificates/certjl8Aqyv  -text -noout

    In case CRS part is present in the above query, also check whether SSL md5 hashes are matching

    openssl x509 -noout -modulus -in /usr/local/psa/var/certificates/certjl8Aqyv | openssl md5
    openssl req -noout -modulus -in /usr/local/psa/var/certificates/CSR.csr | openssl md5

    If openssl displays the same error, then certificate file itself is corrupt as well. In this case contact your provider to get the valid SSL certificate file. Otherwise, proceed with further steps.

  3. If openssl validates the certificate files fine, then the issue only concerns Plesk database. In this case just add a new certificate to Panel, based on the data that is contained in certificate files, assign it to all the domains that were using the broken one, and in Plesk GUI delete the certificate which was causing the issue.

Have more questions? Submit a request
Please sign in to leave a comment.