6 Jul
2014
6 Jul
'14
12:26 p.m.
Hi guys,
Lilian is right. ARCENe certificates are given in one continuous long line. After
inserting line feeds every 64 chars, they can be used in dcp-o-matic to generate KDMs.
As I don't have a cinema server at the moment to complete the test and ingest a
crypted test DCP, I can just say that it seems to work, but I'm not sure.
Lilian, have you tested this?
Thanks for your help,
Fred
Message du 06/07/14 10:46
De : "lilian lefranc"
A : dcpomatic(a)carlh.net
Copie à :
Objet : Re: [DCP-o-matic] ARCENe certificates not accepted
Carsten,
The formatting of the certificates provided by the CNC is not correct:
-----BEGIN CERTIFICATE-----
MIIEqDCCA5CgAwIBAgIIAT0i0Cel7+UwDQYJKoZIhvcNAQELBQAwgYsxITAfBgNVBAoTGERDMi5TTVBURS5ET1JFTUlMQUJTLkNPTTEaMBgGA1UECxMRREMuRE9SRU1JTEFCUy5DT00xIzAhBgNVBAMTGi5VUzEuRENTLkRPTFBISU4uREMyLlNNUFRFMSUwIwYDVQQuExxCbkIwaURKTGd5cWlXVWpuMXVxck95Mi9ERUU9MB4XDTA3MDEwMTAwMDAwMFoXDTI1MTIwMTAwMDAwMFowgaQxITAfBgNVBAoTGERDMi5TTVBURS5ET1JFTUlMQUJTLkNPTTEaMBgGA1UECxMRREMuRE9SRU1JTEFCUy5DT00xPDA6BgNVBAMTM0xFIFNQQiBNRCBGTSBTTS5EQ1AyMDAwLTI1MDQxMy5EQy5ET0xQSElOLkRDMi5TTVBURTElMCMGA1UELhMcRVV2U2I1dC9ieHFCZjlFczYyU0hWWTZOdmNZPTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANZAb67wlPtvVEloN2RVjpXKr+O71ugxMubTmrqaHsBY2dDbeZpUAdKPOpUvnUO0PR7jhM2BiRRcAoG6t2NUawiivAY3m/52gGSeMJ1sRrApLWev6ndZFqRt8ZcTxVFmD6s2gQQVl8WqBLj7MnTbkuFNBsT24G0SKCtOSMCgJoqJIGf4nWUtcCGyMxazT6NlBdQNe+xzoC/RNqD+hmjKNvV+PoIT4IeUZwcwFEgDZgc7c80ZoAGboiefCC7iFUg/gmeCtbD91cNgm51f2H4Vtm+jE3P4L4U/Oustm4Um7uoQRKo8YSxhloZ4lrexyJfSF2O1OueLWENCSQHWFkLt7CkCAwEAAaOB9DCB8TAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUEUvSb5t/bxqBf9Es62SHVY6NvcYwgbQGA1UdIwSBrDCBqYAUBnB0iDJLgyqiWUjn1uqrOy2/DEGhgY2kgYowgYcxITAfBgNVBAoTGERDMi5TTVBURS5ET1JFTUlMQUJTLkNPTTEaMBgGA1UECxMRREMuRE9SRU1JTEFCUy5DT00xHzAdBgNVBAMTFi5EQ1MuRE9MUEhJTi5EQzIuU01QVEUxJTAjBgNVBC4THGhON3VYU0xZaS9FS3RUME1ZYURXZUU1ajNNbz2CAQIwDQYJKoZIhvcNAQELBQADggEBABYQnqIZEFaVCg43sn1/TfJQzasWIdktxl4SVlEVB4zrZ7gEYMBf4rPCqfxDGOVdNpNNA9F+qdyXS2tDew7gZj255TTJv59MjQ5Ia5WY59Z0yGddyt1XwN859NXTRUqb4PqscQSHnWQwUsEgOc5LarnYy2Zrmsf0hHyNDJCTWpdOuFSHidZLlH17PoZ5jUoBu1lCCykDem5jQBt5loU8Sw84FYVeiAA2JoBGdQHQF/nLA2xDZNpxPy2b672amEJqN0QNIKLU2RKVd67Kzcmv5kq2T9KXkhOvfMIP9fi+mvh2GAF9aQYzs92vMadWAYigXgdGO8JH/z1c5qdjG9ewt9E=
-----END CERTIFICATE-----
Openssl tools can not use them and give this error:
unable to load certificate
35622:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode
In aim to use those certificates, it is necessary to reformat them... It
works.
Best,
Le 05/07/2014 15:47, Carsten Kurz a écrit :
Am 05.07.2014 um 11:40 schrieb
fred.bobigny(a)laposte.net:
_______________________________________________
DCPomatic mailing list
DCPomatic(a)carlh.net
http://main.carlh.net/cgi-bin/mailman/listinfo/dcpomatic
Hi,
While trying to generate a KDM, I get an error message with certificates downloaded from
ARCENe database: "could not read certificate file (not X509...)".
Is there a trick?
https://www.cnc-arcene.fr/
What kind of files do you find there?
A certificate will usually have a *.pem extension and a content like this:
-----BEGIN CERTIFICATE-----
MIIEOjCCAyKgAwIBAgIIO++4ldIwHcMwDQYJKoZIhvcNAQELBQAwbDEcMBoGA1UE
AxMTLlNvbnkuRENJc3N1ZXJDQS52MTEMMAoGA1UECxMDUFJPMRcwFQYDVQQKEw5E
Qy5DQS5Tb255LkNvbTElMCMGA1UELhMcc2RjMCtoMEdIZ1U3RkFhUHFjMXFyZkZi
...
liwRTz/vhbH+FIDE4CuILOQOprrTVhzYw1acXooqMOH5R268/hwQm4et9NhlPvZc
zEl51Vc+fqqbE5LlpscAKpzTkGAOjW7nJhIszd/wkrsjCd14zWYG4J0udtSLZWEX
QLIcIsR12qOFYFiVNbjF8BSc4er5jX25G1QPsT6eFisv7iy1MA8E1gh4wtGA0hrN
Xf2F6gwp3ULsRJy8WEgCyZTPuDwJA1VMlM8NpQ==
-----END CERTIFICATE-----
And you should never reformat, save etc. it, just use it as you downloaded it, transmit
ZIPed, etc.
- Carsten
_______________________________________________
DCPomatic mailing list
DCPomatic(a)carlh.net
http://main.carlh.net/cgi-bin/mailman/listinfo/dcpomatic