I have used the JavaScript function generateCRMFRequest() to generate a
certificate request. I've catched the result in a CGI Perl script.
Second I've added "-----BEGIN CERTIFICATE REQUEST-----" and "-----END
CERTIFICATE REQUEST-----" and write it down to a file.

Next I wish to sign it with 'openssl ca'. This will fail. The error
message is after the command line:
openssl ca -in req.p10 -out req.cer

Using configuration from /usr/local/ssl/openssl.cnf
Error reading certificate request in req.p10
1153:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
1153:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested
asn1 error:tasn_dec.c:628:
1153:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested
asn1 error:tasn_dec.c:566:Field=version, Type=X509_REQ_INFO
1153:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested
asn1 error:tasn_dec.c:566:Field=req_info, Type=X509_REQ
1153:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1

Who can give me some hints to solve this?

I've coded a similar way for the MSIE. The xenroll.cab output a PKCS10
certificate request. This works fine with openssl ca.

Where are the difference among CRMF and PKCS10? I've noticed that the
PKCS10 is a little more greater than a CRMF request. Is this normal and
what's the reason  for this.

Bye, Michael.

mozilla-crypto mailing list

Reply via email to