Error message: 
testuser@thor-x1:~/cert_no_start_line/certs$ openssl x509 -in cert.pem -text
unable to load certificate
140178126276248:error:0906D06C:PEM routines:PEM_read_bio:no start 
line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
Description:

The error message is displayed when using Transport Layer Security (TLS). The syslog-ng application uses OpenSSL for TLS and this message indicates that the certificate contains characters that OpenSSL cannot process.

The error occurs when the certificate comes from Windows and you want to use it on a Linux-based computer. On Windows, the end of line (EOL) character is different (\r\n) compared to Linux (\n).

To verify this, open the certificate in a text editor, for example, MCEdit. Notice the^Mcharacters as shown in the image below:

Figure 6: Example of OpenSSL character processing error

Solution:

  • On Windows, save the certificate using UTF-8, for example, using Notepad++.

    NOTE: Windows Notepad is not able to save the file in normal UTF-8, even if you select it.

    1. In Notepad++, from the menu, selectEncoding.

    2. Change the value fromUTF-8-BOMtoUTF-8.

    3. Save.

  • On Linux, run dos2unix cert.pem. This will convert the file to a Linux-compatible style.

    Alternatively, replace the EOL characters in the file manually.