int res = Cert->Parse(CertFile.data(), CertFile.size());
if (res == 0)
{
auto CertPrivKey = std::make_shared<cCryptoKey>();
res = CertPrivKey->ParsePrivate(KeyFile.data(), KeyFile.size(), "");
if (res == 0)
{
// Modifyable locally but otherwise must be const
auto Config = cSslConfig::MakeDefaultConfig(false);
Config->SetOwnCert(Cert, CertPrivKey);
m_SslConfig = std::move(Config);
}
else
{
// Reading the private key failed, reset the cert:
LOGWARNING("WebServer: Cannot read HTTPS certificate private key: -0x%x", -res);
}
}
else
{
LOGWARNING("WebServer: Cannot read HTTPS certificate: -0x%x", -res);
}

(09-11-2017, 05:37 PM)xoft Wrote: The -0x2180 error is POLARSSL_ERR_X509_INVALID_FORMAT. That means that the file is in a format not supported by the TLS library. Which is weird, considering that the Generate script always has worked so far.

Could you post the generated cert and key? (You won't be using it anyway, so it shouldn't be a security concern

(09-18-2017, 11:25 PM)xoft Wrote: I meant for you to post the whole files.

When I copy-paste the certificate and privkey data from your listings into a fresh new pair of files, my Cuberite accepts them without any problem. But I tried on an older executable built with PolarSSL, I'll retry the new one with mbedTLS sometime in the afternoon.

(09-19-2017, 07:37 PM)xoft Wrote: I've found the cause and made a pull request with a fix: https://github.com/cuberite/cuberite/pull/4036

In the meantime, you can use your certificates if you convert them from PEM to DER (but keep their filenames).
( openssl x509 -inform pem -in certificate.pem -outform der -out certificate.crt )