Hi!
I am trying to implement a very simple ca using python. I have managed
to obtain a request using crypto.generateCRMFRequest on the client side
(Mozilla browser). I have tried to feed it to openssl req using various
tricks, but there are errors. How should I use this request to create a
signed certificate?
CRMFRequest =
u'MIIB0TCCAc0wggEzAgUAimvO6DCCASiAAQKlbzBtMRMwEQYKCZImiZPyLGQBGRYD
b3JnMRUwEwYKCZImiZPyLGQBGRYFcnVsZXoxGjAYBgoJkiaJk/IsZAEZFgpkZW1v
a3JhY2lhMSMwIQYJKoZIhvcNAQkBFhRtYWdAbWFnd2FzLnJ1bGV6Lm9yZ6aBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAysP+vktgI2eMcH4zx2M1s7PrxMpFmpr4
HY08XTw66+ydXj7t2zHMF919AmB5/LWHBJ+nmisIMn3Gq75LgbXeEG9bUrpka9Kk
80yJoe94e5tR/rZfHKZlUUAvjzIdTGwGityoEfSYdxx086Lx/O7XWVGJ85ngOCCU
GD+f28hxo8UCAwEAAakQMA4GA1UdDwEB/wQEAwIF4KGBkzANBgkqhkiG9w0BAQUF
AAOBgQA3NBYLHe9A2aAGzNES/9QRyvf8gFNz07RCPY63MOEXcc39pExiLV4klKOP
CGZWhU7LFTCKoRaXLhFfPmmM437jmBrSdAyRAArhWufwy7j0oE5m0okslyf1DmXw
VE+VGM9q8ciXNy1Tkbs1gSHMTuAGqKMF82V6IuaOBVtvN8hyhA=='
$cat /tmp/f
-----BEGIN CERTIFICATE REQUEST-----
MIICQDCCASgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6v/jCsO+b
7qOKbEnwhoZP+lxb4VQlRpZz23TdLuzfTf1dt3fkQxmjGCuAP/F7UG/LO0P5xaMR
SU0lbpq6xvLPZCu7FouYto9mG9VgT8Xr6EDrkiOK6z05x98pvMzDPT1ZrPje7Iu/
M3NSSWOlobngOyxZC+0hXHXR5Myd7EbtP/Mw7oZNhawGVPLMhB8SEn6KpJ2xUM31
To5uvRqubtUYHDTL37+0JEWjOTht5cfi9YZCqU8EZIdgSrgrwBvM4azQqbgc7MCq
J57xEj6Xfbuw+8h+p2Ufxxkc/hv5Gs5ItPJ4LHpwDtGqmCwyOA0lw/mbBfETxygD
Pl02fWkTvUrnAgMBAAEWADANBgkqhkiG9w0BAQQFAAOCAQEAPhOewCALZJ53wPVa
DksRjGwSs2FtLIxGShc+BlS7uawPE3KtWjGQGkb81GFvcj8eLy1aeRdPHG5wxNow
CRrv4ZhKT3Wz1jlBmdlsbQ04U9KSme/MYBGJTOBKEE5h2DR+HphlYmCQO3NFB4NQ
6/0U7I8xsV/Ija6vDfHE0xayp5QVEtdNERrFhfPpzS2hpaSpfhz/6bZY9mC7Pgls
LJ4T5Oi6FbQNzwcRpVLMcUT55XMHAEbQJ60iGY1o4EdHxDQKCIXuYhY2Y4m/mk9M
d/wmcx2b4/kjihwHqOL+qIXjUfUZ6fiAnGbgovUkCKDwtCAj81DiQ7rK3utXYQEy
d+OMxg==
-----END CERTIFICATE REQUEST-----
$openssl asn1parse -dump -inform pem -in /tmp/f
0:d=0 hl=4 l= 576 cons: SEQUENCE
4:d=1 hl=4 l= 296 cons: SEQUENCE
8:d=2 hl=4 l= 290 cons: SEQUENCE
12:d=3 hl=2 l= 13 cons: SEQUENCE
14:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
25:d=4 hl=2 l= 0 prim: NULL
27:d=3 hl=4 l= 271 prim: BIT STRING
0000 - 00 30 82 01 0a 02 82 01-01 00 ba bf f8 c2 b0 ef
.0..............
0010 - 9b ee a3 8a 6c 49 f0 86-86 4f fa 5c 5b e1 54 25
....lI...O.\[.T%
0020 - 46 96 73 db 74 dd 2e ec-df 4d fd 5d b7 77 e4 43
F.s.t....M.].w.C
0030 - 19 a3 18 2b 80 3f f1 7b-50 6f cb 3b 43 f9 c5 a3
...+.?.{Po.;C...
0040 - 11 49 4d 25 6e 9a ba c6-f2 cf 64 2b bb 16 8b 98
.IM%n.....d+....
0050 - b6 8f 66 1b d5 60 4f c5-eb e8 40 eb 92 23 8a eb
..f..`o...@..#..
0060 - 3d 39 c7 df 29 bc cc c3-3d 3d 59 ac f8 de ec 8b
=9..)...==Y.....
0070 - bf 33 73 52 49 63 a5 a1-b9 e0 3b 2c 59 0b ed 21
.3sRIc....;,Y..!
0080 - 5c 75 d1 e4 cc 9d ec 46-ed 3f f3 30 ee 86 4d 85
\u.....F.?.0..M.
0090 - ac 06 54 f2 cc 84 1f 12-12 7e 8a a4 9d b1 50 cd
..T......~....P.
00a0 - f5 4e 8e 6e bd 1a ae 6e-d5 18 1c 34 cb df bf b4
.N.n...n...4....
00b0 - 24 45 a3 39 38 6d e5 c7-e2 f5 86 42 a9 4f 04 64
$E.98m.....B.O.d
00c0 - 87 60 4a b8 2b c0 1b cc-e1 ac d0 a9 b8 1c ec c0
.`J.+...........
00d0 - aa 27 9e f1 12 3e 97 7d-bb b0 fb c8 7e a7 65 1f
.'...>.}....~.e.
00e0 - c7 19 1c fe 1b f9 1a ce-48 b4 f2 78 2c 7a 70 0e
........H..x,zp.
00f0 - d1 aa 98 2c 32 38 0d 25-c3 f9 9b 05 f1 13 c7 28
...,28.%.......(
0100 - 03 3e 5d 36 7d 69 13 bd-4a e7 02 03 01 00 01
.>]6}i..J......
302:d=2 hl=2 l= 0 prim: IA5STRING :
304:d=1 hl=2 l= 13 cons: SEQUENCE
306:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
317:d=2 hl=2 l= 0 prim: NULL
319:d=1 hl=4 l= 257 prim: BIT STRING
0000 - 00 3e 13 9e c0 20 0b 64-9e 77 c0 f5 5a 0e 4b 11 .>...
.d.w..Z.K.
0010 - 8c 6c 12 b3 61 6d 2c 8c-46 4a 17 3e 06 54 bb b9
.l..am,.FJ.>.T..
0020 - ac 0f 13 72 ad 5a 31 90-1a 46 fc d4 61 6f 72 3f
...r.Z1..F..aor?
0030 - 1e 2f 2d 5a 79 17 4f 1c-6e 70 c4 da 30 09 1a ef
./-Zy.O.np..0...
0040 - e1 98 4a 4f 75 b3 d6 39-41 99 d9 6c 6d 0d 38 53
..JOu..9A..lm.8S
0050 - d2 92 99 ef cc 60 11 89-4c e0 4a 10 4e 61 d8 34
.....`..L.J.Na.4
0060 - 7e 1e 98 65 62 60 90 3b-73 45 07 83 50 eb fd 14
~~..eb`.;sE..P...
0070 - ec 8f 31 b1 5f c8 8d ae-af 0d f1 c4 d3 16 b2 a7
..1._...........
0080 - 94 15 12 d7 4d 11 1a c5-85 f3 e9 cd 2d a1 a5 a4
....M.......-...
0090 - a9 7e 1c ff e9 b6 58 f6-60 bb 3e 09 6c 2c 9e 13
.~....X.`.>.l,..
00a0 - e4 e8 ba 15 b4 0d cf 07-11 a5 52 cc 71 44 f9 e5
..........R.qD..
00b0 - 73 07 00 46 d0 27 ad 22-19 8d 68 e0 47 47 c4 34
s..F.'."..h.GG.4
00c0 - 0a 08 85 ee 62 16 36 63-89 bf 9a 4f 4c 77 fc 26
....b.6c...OLw.&
00d0 - 73 1d 9b e3 f9 23 8a 1c-07 a8 e2 fe a8 85 e3 51
s....#.........Q
00e0 - f5 19 e9 f8 80 9c 66 e0-a2 f5 24 08 a0 f0 b4 20
......f...$....
00f0 - 23 f3 50 e2 43 ba ca de-eb 57 61 01 32 77 e3 8c
#.P.C....Wa.2w..
0100 - c6 .
$openssl req -in /tmp/f
unable to load X509 request
17991:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:tasn_dec.c:1316:
17991:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested
asn1 error:tasn_dec.c:828:
17991:error:0D08303A:asn1 encoding
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1
error:tasn_dec.c:748:Field=version, Type=X509_REQ_INFO
17991:error:0D08303A:asn1 encoding
routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1
error:tasn_dec.c:748:Field=req_info, Type=X509_REQ
17991:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org