On Mon, Jan 18, 2010, Muehlbauer, Andreas wrote: > Hi, > > we are running our own CA with openssl 0.9.8k on linux. > We get a CSR-Request containing SAN attributes from a Windows IIS > Server: > > [Version] > Signature="$Windows NT$" > > [NewRequest] > Subject = "CN=test1 OU=IT, O=Org, L=Location, S=State, C=DE" > KeySpec = 1 > KeyLength = 1024 > Exportable = TRUE > MachineKeySet = TRUE > SMIME = FALSE > PrivateKeyArchive = FALSE > UserProtected = FALSE > UseExistingKeySet = FALSE > RequestType = CMC > KeyUsage = 0xa0 > ProviderName = "Microsoft RSA SChannel Cryptographic Provider" > ProviderType = 12 > > [EnhancedKeyUsageExtension] > OID=1.3.6.1.5.5.7.3.1 > > [RequestAttributes] > SAN="CN=xyz&CN=test3" > > > When I try to sign the csr-Request with openssl I get the following > error message: > Error reading certificate request in xyz.csr > 27756:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong > tag:tasn_dec.c:1316: > 27756:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 > error:tasn_dec.c:380:Type=X509_REQ_INFO > 27756:error:0D08303A:asn1 encoding > routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 > error:tasn_dec.c:748:Field=req_info, Type=X509_REQ > 27756:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 > lib:pem_oth.c:83: > > > Signing Requests without SAN-attributes works just fine. >
Can you post or send me that CSR privately? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
