How to handle bad certificates

After way more digging I believe the issue with the certificate is that it is using IA5Strings for the Issuer and Subject fields.

If I download the cert, convert it to der, hex edit the 0x16 (IA5Strings) to 0x13 (PrintableStrings) and then run :public_key.pkix_decode_cert(der_file, :otp) that will complete. I’m not sure if using IA5Strings is in spec for a certificate for the issuer and subject fields. I can’t say I’ve ever came across a client that rejected it before now.

I can actually run :public_key.pkix_decode_cert(der_original, :plain) and that doesn’t seem to care about the asn.1 stuff, but I have no idea if it is possible to somehow pass that :plain atom to any http_clients. Definitely over my head as a beginner at this point. Especially with the issue being more on the Erlang side than with Elixir.

If nothing else I’ve learned more about x.509 certificates than planned, but sadly only got to about line 2 of my elixir project.