PEM routines:PEM_read_bio:bad end line

Question

I'm trying to parse the developer certificate in embedded.mobileprovision file. Firstly I use

security cms -D -i embedded.mobileprovision

to get the base64 developer certificate string.

Then I split the string every 64 characters and stored in a file named dev.cer.

Finally add -----BEGIN CERTIFICATE----- at the first line and -----END CERTIFICATE----- at the end of file.

On my mac computer, I right click the dev.cer file and the developer informations are all there. However, When I use openssl x509 -in dev.cer -text -noout, error comes out:

unable to load certificate 69721:error:0906D066:PEM routines:PEM_read_bio:bad end line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/crypto/pem/pem_lib.c:747: 

The dev.cer file is following:

-----BEGIN CERTIFICATE----- MIIFljCCBH6gAwIBAgIIIP7GMO9cWzYwDQYJKoZIhvcNAQELBQAwgZYxCzAJBgNV BAYTAlVTMRMwEQYDVQQKDApBcHBsZSBJbmMuMSwwKgYDVQQLDCNBcHBsZSBXb3Js ZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9uczFEMEIGA1UEAww7QXBwbGUgV29ybGR3 aWRlIERldmVsb3BlciBSZWxhdGlvbnMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw HhcNMTcwNDI5MDMzMDA4WhcNMTgwNDI5MDMzMDA4WjCBiTEaMBgGCgmSJomT8ixk AQEMCk1ENFA0UTg1WlExMzAxBgNVBAMMKmlQaG9uZSBEZXZlbG9wZXI6IGFtbW1p IGFtbW1pIChXM1BSS1JDVDRRKTETMBEGA1UECwwKVktRNTZVQ0c4ODEUMBIGA1UE CgwLYW1tbWkgYW1tbWkxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEAwudboPuPnImOssBCw9vISRnnivreVwOuDAu77u47zIU8uTag bzktX6pF54YToSLQHeOaNNQfZ7idccU2DKVBr3etz/++ca4HNadeUaEm2VWW4kEq 3iKIo1wZZhJJR6bQl4q797U0+f7eEXLKD4fjfidEF+ceAxAsX5YIuokq3K/B+XW3 tKk7D4nCaaCyJ9/+aJkFKT/oOxWRD0NYi5vXpni/3Plj5Qu3kDGrTUQaGCXXjRrA E3mOVS4M2W5sFoOUpBxcfK7ajs+HUZNp0Gvb04OeD4O0lLTxcNu6omhG3MzOo81F T+bkdxLM7XkIbNlIjYhyxGRynpgAKmiR9B/oeQIDAQABo4IB8TCCAe0wPwYIKwYB BQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5hcHBsZS5jb20vb2Nz cDAzLXd3ZHIwMTAdBgNVHQ4EFgQUF8T1dPnBmZfKfG0+lHtczMuGy9owDAYDVR0T AQH/BAIwADAfBgNVHSMEGDAWgBSIJxcJqbYYYIvs67r2R1nFUlSjtzCCAR0GA1Ud IASCARQwggEQMIIBDAYJKoZIhvdjZAUBMIH+MIHDBggrBgEFBQcCAjCBtgyBs1Jl bGlhbmNlIG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFzc3VtZXMg YWNjZXB0YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJkIHRlcm1z IGFuZCBjb25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUgcG9saWN5IGFuZCBj ZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMDYGCCsGAQUFBwIBFipo dHRwOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS8wDgYDVR0P AQH/BAQDAgeAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMDMBMGCiqGSIb3Y2QGAQIB Af8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQA1//RUQ+hnCxfzSKO13qtuSb4IUrY5 bjkRKIAUlxN5aYVN5NIzCGxmahlDA/Rjw8MLVA8dWbT0QMSqx5IXC+Ov3JNZlkL0 5+RBuZEtZL7IZp0L3ZrCFtuizaunH9fZWbyFyfLACIYqZqP40N1+wIx1l4Es65Zu WSeDeQMutda8DpmtCJhrnod9B1vfvDc3FUSmbJbvkLFh2UCgqtE9moLYI8qFMzqe CQUJdPGdE+2WNv0wM8/cFIG/audSvEADKg1DgO+j6oP+urUe1gLsyzyv10J7/XA4 nmDuP1UNG7O7ADbdEOxhRiB96ZNwgcw9Q0wv9H9jMa+NNti6SxLud2+B -----END CERTIFICATE---- 

By the way, I used online certificate decoder to decode dev.cer, it works well. Here is the url:

https://www.sslshopper.com/certificate-decoder.html 

This site recommended to use openssl, but it failed.

Answer 1

I had the same problem as sunnycomes and his comment was correct. I was lacking a '-' at the very end of the last line of the file. Before I had:

-----END CERTIFICATE---- 

and changing it to:

-----END CERTIFICATE----- 

fixed it. I've learnt that I have to be careful when copying certificates text from a terminal.

Answer 2

Extra note: When pem file contains CA and sub-CA chain, be sure that -----END CERTIFICATE---- -----BEGIN CERTIFICATE----- are not on the same line.