How to process PKCS#10 Certificate Signing Request (CSR) from WebSphere
Originally Published: 2003-04-07
Article Number
Applies To
IBM WebSphere
IBM WebSphere
Keon Certificate Authority
Issue
How to process PKCS#10 Certificate Signing Request (CSR) from Microsoft Windows 2000 domain controller
Program Error
!PKCS10Parse(): [XrcDECODINGFAILURE] unable to complete decoding operation. XudaParsePKCS10Request():
[XrcDECODINGFAILURE: unable to complete decoding operation]
Cause
One specific known encoding error is that there is an extra Context Specific tag included in the encoded Certificate Signing Request (CSR). Another common fault with submissions from a Windows 2000 domain controller is a request with no email address specified. If the ASN.1 is decoded, you would see the following type of display:
SET {
SEQUENCE {
OBJECT IDENTIFIER emailAddress (1 2 840 113549 1 9 1)
IA5String
Error: Object has zero length.
}
}
Resolution
1. Save the Certificate Signing Request (CSR) with a .64 suffix
2. Strip the -----BEGIN NEW CERTIFICATE REQUEST----- header and footer so the file contains pure Base64
3. Open the file with WinZip and extract the file called "unknown.001"
4. Read the file 'unkown.001' with any of the well known ASN.1 decoders
One of the most commonly used and referenced tools is "dumpasn1" from Peter Gutmann, and may be found at http://www.cs.auckland.ac.nz/~pgut001/. Also, a Windows front end has recently been produced and can be downloaded from http://www.geminisecurity.com/guidumpasn.html.
Workaround
Related Articles
IDC unification runs into an error called by by webservice call in RSA Identity Governance & Lifecycle Number of Views How to Decomission a Host from the Puppet Trust Model Number of Views createChangeRequest Delete Account web serivce call not working in RSA Identity Management and Governance 6.9.1 Number of Views CreateChangeRequest webservice call with <AccountChange> does not fail on SoD Violations for RSA Via Lifecycle & Governance Number of Views Unification runs into an error called by webservice call in RSA Identity Governance & Lifecycle Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Troubleshooting AFX Server issues in RSA Identity Governance & Lifecycle Downloading RSA Authentication Manager license files or RSA Software token seed records
Don't see what you're looking for?
