# create a certificate with openssl command line tool $ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem # Pry session [1] pry(main)> require 'openssl' => true [2] pry(main)> RUBY_VERSION => "2.3.0" [3] pry(main)> OpenSSL::OPENSSL_VERSION => "OpenSSL 1.0.2d 9 Jul 2015" [4] pry(main)> cert_pem_str=File.read("mycert.pem") => "-----BEGIN PRIVATE KEY-----\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALYwA4a/vvxkTP98\nieu6KB1bbfQ4LPWVg9U4jijNhBR5fEWGK5eh7R0SBhmHBLQF73XSq5agFFkVnOI+\n+8EXMmfMLmFrGSDXalOWQYNs11l989mob4ForPZQ7mCtmzF/lwz14zyLuMIYRZLf\nFGx70KSkb7V8Lwc26synN1P0tiKHAgMBAAECgYBaTNQCntlnucMcQrsNlpg5bM7D\n5HAMTU4pib2UZcDYcRpyTz0eDAk9hmh1kKF5JRP6PzADGVbcjMTUsskPfJLjX43Q\nxmoZW7tJfsfkthLqMXsXuj1qMOo677j8Z8+1V2iGz7iDrpmWvBCkbN+6zyAPOkcR\nDYxpOloCtlTj3XhJQQJBANnTM497J7z0pr6XiGobXN3p2gVq7FHT+F8FziOoFk+S\nBIIzR8cEy7fbh1SCkuOSSvsdblXTvdU8RMkPVDA4FaECQQDWHezQVRlMe8Py+gQ7\nVMA6xfO1zBx9qxYHoRcfkAA3vHp3DMqqu5i0ipsPFpnOgW5Qojh8ehx2I5powWTq\n/XcnAkBMpB4pJsj1mBMvTjvmMZh8UDKw400hAXcLYAyGyTaIarUBZq+jm9Fd8HTu\nTD8IqUmOj21p72WEqH7/S1Bw4trhAkEAxo8TuBLilhnEGgQefoLWjOpbWgDBfwx0\nLnkFv4BDo2xGyTX0j6XOM8bBiplz4pwGmAIHje+Tiz7zBygpFP4eSwJBAMXvwqSK\n20L2/LSQmYrBmYbYyYIEgUssJkBBwzwzbwdvLqWbRtS3a+lI/iE5TIQDqrUQDZDn\nZ33GEOqNh+Z1/Ps=\n-----END PRIVATE KEY-----\n-----BEGIN CERTIFICATE-----\nMIICWDCCAcGgAwIBAgIJALD8WZ17qxjZMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwMzAzMTUwNDM2WhcNMTcwMzAzMTUwNDM2WjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\ngQC2MAOGv778ZEz/fInruigdW230OCz1lYPVOI4ozYQUeXxFhiuXoe0dEgYZhwS0\nBe910quWoBRZFZziPvvBFzJnzC5haxkg12pTlkGDbNdZffPZqG+BaKz2UO5grZsx\nf5cM9eM8i7jCGEWS3xRse9CkpG+1fC8HNurMpzdT9LYihwIDAQABo1AwTjAdBgNV\nHQ4EFgQUPVtWb3LwBSK8RvPnC0RO1pLIxaowHwYDVR0jBBgwFoAUPVtWb3LwBSK8\nRvPnC0RO1pLIxaowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQBfmdEp\n42rFLI+daX0Xo+lvE5fdQ4MOmFwMdTxH8gTrTm8cXLx7E15/pA2C2d3Zp7gn4ClP\nSEzFLUnED6txVysqCLsT3OOPaRnWhZL3uAJST8xTdlQkbASB9wWkdYwsjIAlwxbU\n58zecwLCcmJ2PS240WcC7fP8aI9HeuT1P39XnA==\n-----END CERTIFICATE-----\n" [5] pry(main)> OpenSSL::X509::Certificate.new(cert_pem_str) => #, issuer=#, serial=#, not_before=2016-03-03 15:04:36 UTC, not_after=2017-03-03 15:04:36 UTC> [6] pry(main)> cert_pem_obj = OpenSSL::X509::Certificate.new(cert_pem_str) => #, issuer=#, serial=#, not_before=2016-03-03 15:04:36 UTC, not_after=2017-03-03 15:04:36 UTC> [7] pry(main)> cert_p7b_obj = OpenSSL::PKCS7.new() => # [8] pry(main)> cert_p7b_obj.type = :signed => :signed [9] pry(main)> cert_p7b_obj.add_certificate(cert_pem_obj) => # [10] pry(main)> OpenSSL::PKCS7.new(cert_p7b_obj.to_s) ArgumentError: Could not parse the PKCS7: nested asn1 error from (pry):10:in `initialize' - also checked with the latest ruby head version (2.4.0) and got the same error # checking with openssl command line tool - first, write the PKCS7 certificate to file from the Pry session: [11] pry(main)> File.open("mycert-from_pem_ruby.pb7", 'w+') {|file| file.write(cert_p7b_obj)} - check with openssl tool: $ openssl pkcs7 -in mycert-from_pem_ruby.pb7 -noout -text -print_certs unable to load PKCS7 object 140735278825552:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:283: 140735278825552:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:694:Field=type, Type=PKCS7 140735278825552:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:694:Field=contents, Type=PKCS7_SIGNED 140735278825552:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:694: 140735278825552:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 error:tasn_dec.c:557:Field=d.sign, Type=PKCS7 140735278825552:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83: