Openssl Vagaries

This post will likely never help anyone. I needed to convert a certificate in pem format to pkcs12. It’s really easy, unless you get some a vague error.

openssl pkcs12 -export -out certificate.pfx -inkey certificate.key -in certificate.crt -certfile ca_certificate.crt

The certfile argument is likely optional, although you almost always get an intermediate certificate. You can probably also concatinate your certificate before hand, but I haven’t tried or read about it. The problem was that I went to do this very simple task and I was presented with an error.

“unable to load certificates”

I went to verify the certificate and key.

openssl x509 -noout -text -in certificate.crt

openssl rsa -noout -text -in  certificate.key

The key check worked but the certificate check didn’t. The certificate check had the same error. I went to a new system and tried the same thing and it still didn’t work. I eventually got some debuging from openssl and it had something I could go on.

140480776103592:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:802:

Bad end of line. I opened the certificate in vim and I looked. Fortunately for myself I have ocd and I noticed that the number of hyphens on the end of the last part of the file didn’t match the other three portions.



I added the remaining hyphen on the original system and the original command ran fine. I saw many people complain about this problem, but the threads all just ended abruptly. Perhaps this was the same problem and they had a bad copy and paste… My recommendation is to check your work with an md5sum.



Cross Dressing Architecture: Which CPU Do I Wear?

I’m going to make this a quick post because it’s late and I am just trying to get something done… I’m cross compiling a kernel for a small device. The problem is that my work station is an i7 running 64 bit Gentoo. The target is a Via C7 and while I could probably do everything in 64 bit on the device I don’t necessarily want to double my memory register widths on a device that is cramped for memory. Gentoo has an awesome tool called crossdev that automatically built the toolchain for my target device.

The problem now is that I can’t fool make. It knows something is wrong with what I am doing. I even decided to chroot in to a i686 only environment  Make still freaked out that I was being crazy trying to compile code. The error was, “CPU you selected does not support x86-64 instruction set”! I’ve searched around the internet and no one had an immediate solution. Of course… I got to thinking… I’ll alter the Makefile to set the arch… changed some uname -m to echo i686′s here some ARCH=${ARCH} to ARCH=i686′s there… Still it wouldn’t compile! Even -m32 didn’t work. Make knew something was up and I realized that the make binary was doing this check.

The solution was really simple… It’s something I did long ago to compile a 32bit kernel. Most distros ship with arch and setarch. The arch command tells you what you’re running. The setarch command sets your arch to anything you want! I want i686! Everything compiled great after and we all had tea and scones.

Jelly Bean OTA For Galaxy Nexus: No Wipe, Just Candy

Jelly Bean 4.2 came out today for the Galaxy Nexus. Many will get the OTA, many will have to wait. If you don’t want to wait, if you don’t want to root, if you don’t want to unlock, if you don’t want to wipe… Then the following can be followed at your own risk. The details are simple and they worked for my phone. I can’t guarantee they’ll work for your phone. My phone was a yakju and I loaded the takju image on it a long, long time ago. That process requires a wipe, but let’s proceed to the current process. You need a few things. The Android Platform Tools that has the  adb in them and the new OTA update.


  1. (short link to Android SDK)
  2. (short link to the Android OTA for the takju GSM phone)

Directions (see warning below):

  1. Follow the setup guide for the Android SDK
  2. Download the client
  3. Power off your Galaxy Nexus
  4. Holding the volume buttons and press and hold the power should bring you to the Fastboot menu (note if you’re in the Odin menu then you need to press power to exit and restart at step 3)
  5. Use the volume up/down to navigate to “Recovery mode” and press power to select bringing you to a dead android with a red exclaimation trigon
  6. Press volume up and then press power at the same time which is important because if you’re timing is wrong you just need to repeat this step until you get your rhythm
  7. A blue menu should appear using the volume up/down to navigate again highlight “apply update from ADB” and press power to select it
  8. The device will ask you to run adb sideload filename (note that older version of adb don’t support sideload so go to step 1 and back to this step if you need to
  9. From here the platform specifics are different but I run Linux and from the folder platform-tools in the Android sdk I issued “./adb devices”
  10. This will restart/start the adb daemon and if you upgraded the sdk it will also kill the adb daemon if it’s out of date
  11. Once you see your device in the list proceed
  12. The final command is “./adb sideload” causing the phone file to be uploaded and the update to proceed
  13. The phone will take around five minutes to apply the update and the subsequent reboot will take longer than usual but after you’re running Android 4.2
  14. Enjoy!

Warning: Remember following these steps can brick your phone. I personally have accidentally bricked my HTC Hero following guides like these. Proceed with caution and when in doubt just wait for the OTA. I take no responsibility for the instructions I’ve put up if it breaks your phone.


Update: I had two links today. The link will download the original Nexus 7 (wifi only) image. This image is reputed to only work with the original Nexus 7. The instructions should work for both the Galaxy Nexus and the Nexus 7. I didn’t have a Nexus 7 to try this out on.