How to process PKCS#10 Certificate Signing Request (CSR) from WebSphere
Originally Published: 2003-04-07
Article Number
Applies To
IBM WebSphere
IBM WebSphere
Keon Certificate Authority
Issue
How to process PKCS#10 Certificate Signing Request (CSR) from Microsoft Windows 2000 domain controller
Program Error
!PKCS10Parse(): [XrcDECODINGFAILURE] unable to complete decoding operation. XudaParsePKCS10Request():
[XrcDECODINGFAILURE: unable to complete decoding operation]
Cause
One specific known encoding error is that there is an extra Context Specific tag included in the encoded Certificate Signing Request (CSR). Another common fault with submissions from a Windows 2000 domain controller is a request with no email address specified. If the ASN.1 is decoded, you would see the following type of display:
SET {
SEQUENCE {
OBJECT IDENTIFIER emailAddress (1 2 840 113549 1 9 1)
IA5String
Error: Object has zero length.
}
}
Resolution
1. Save the Certificate Signing Request (CSR) with a .64 suffix
2. Strip the -----BEGIN NEW CERTIFICATE REQUEST----- header and footer so the file contains pure Base64
3. Open the file with WinZip and extract the file called "unknown.001"
4. Read the file 'unkown.001' with any of the well known ASN.1 decoders
One of the most commonly used and referenced tools is "dumpasn1" from Peter Gutmann, and may be found at http://www.cs.auckland.ac.nz/~pgut001/. Also, a Windows front end has recently been produced and can be downloaded from http://www.geminisecurity.com/guidumpasn.html.
Workaround
Related Articles
How to delete the RSA Authentication Manager 8.x virtual host Certificate Signing Requests (CSR) which show Pending/Inactive Number of Views RSA Authentication Manager Displays Unwanted Certificate Signing Requests (CSRs) in the Operations Console Certificate Man… Number of Views How to generate a Certificate Signing Request (CSR) with the Subject Alternative Name (SAN) field using openssl on RSA Aut… Number of Views Generate a Certificate Signing Request (CSR) for the Web Tier Number of Views Generate a Certificate Signing Request Using the Operations Console Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process Download RSA SecurID Access Cloud User Event audit logs using Cloud Administration REST API CLU RSA Authentication Manager Patch Updates How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device RSA Governance & Lifecycle 8.0.0 Installation Guide
Don't see what you're looking for?
