Private Certificate Generation Issue

I just ran into an issue with encrypted and signed SAML where my self-signed PFX file generated on a Mac did not work when converted to a base64 version using openssl. However taking the same PFX file from the Mac and generating a base64 private key worked on the Windows platform using certutil. The resulting certificate is being used on Docker (Linux) and didn’t work until we used the Windows generated one. I was getting certificate load errors.

Any guidance on whether I am limited to using the Windows platform for generating base64 PFX files or why I may be seeing this? For the record, here is the error I was getting when loading the certificate with X509Certificate2():

error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error

Just to reiterate, I am up and running now. I am just trying to understand any specifics that I might need to document around certificate generation in order to get things to run properly in the future, and don’t like to just tell the team “Use Windows”. :slight_smile:

Best Regards,

Charles

Hi Charles,

How did you create the self-signed PFX file? Did you use the CreateSelfSignedCert project we ship?

What’s the conversion you’re performing on the PFX file using openssl or certutil?

Is the conversion creating a base-64 certificate file with no private key (i.e. a CER or PEM file)?

Is the error you’re seeing occurring when loading the PFX file or the CER file?

[quote]
ComponentSpace - 10/9/2020
Hi Charles,

How did you create the self-signed PFX file? Did you use the CreateSelfSignedCert project we ship?

What's the conversion you're performing on the PFX file using openssl or certutil?

Is the conversion creating a base-64 certificate file with no private key (i.e. a CER or PEM file)?

Is the error you're seeing occurring when loading the PFX file or the CER file?

[/quote]

I did not use the cert utility to generate the certificate. I assume then that utility would work on my Mac since the component library is .Net Core.

It turns out that doing the base64 encoding with the openssl option helped it work for me, instead of trying to convert it to base64 as a separate step. One of our developers discovered that the following ended up working:

openssl base64 -A -in cert.pfx -out cert64.txt

Thanks for the quick response and questions back. Hopefully this helps others in their cert generation.
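An added example, not from this thread or the ComponentSpace library: it does in Python what `openssl base64 -A` does above (one line, no wrapping) and then checks the string before it is handed to X509Certificate2, rejecting embedded newlines or PEM headers and confirming the decoded bytes form one complete outer ASN.1 SEQUENCE, which is where a "nested asn1 error" would otherwise surface. The `SAMPLE_PFX` bytes are a constructed stand-in for a real PKCS#12 file.

```python
import base64
from pathlib import Path

# Constructed sample: a minimal DER SEQUENCE wrapping one INTEGER (3),
# standing in for real PKCS#12 bytes. A real PFX also begins with 0x30.
SAMPLE_PFX = bytes.fromhex("30 03 02 01 03")


def encode_single_line(der: bytes) -> str:
    """Equivalent of `openssl base64 -A`: a single line, no trailing newline."""
    return base64.b64encode(der).decode("ascii")


def decode_checked(b64_text: str) -> bytes:
    """Strictly decode base64 text and confirm the payload looks like DER.

    validate=True rejects any character outside the base64 alphabet, so
    line-wrapped output, a PEM header, or a stray trailing newline is caught
    here rather than surfacing later as an ASN.1 parsing error.
    """
    der = base64.b64decode(b64_text, validate=True)
    if not der or der[0] != 0x30:
        raise ValueError("decoded bytes do not start with an ASN.1 SEQUENCE (0x30)")
    # Outer length: short form (< 0x80) or long form (0x80 | n, then n bytes).
    first = der[1]
    if first < 0x80:
        length, header = first, 2
    else:
        n = first & 0x7F
        length = int.from_bytes(der[2:2 + n], "big")
        header = 2 + n
    if header + length != len(der):
        raise ValueError(
            f"outer SEQUENCE claims {length} bytes but {len(der) - header} follow"
        )
    return der


def pfx_file_to_base64(path: str) -> str:
    """Read a PFX from disk and return it as one verified base64 line."""
    text = encode_single_line(Path(path).read_bytes())
    decode_checked(text)  # fail early if the file is not a complete DER blob
    return text
```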

The utility should work as it uses the .NET Core API.

Thanks for the update regarding openssl.