SecurID: Unable to request Certificate for a Check Point Firewall through PKCS10 request in RSA Certificate Manager

5 months ago

Originally Published: 2006-05-23

Article Number

000057713

Applies To

RSA Certificate Manager 6.6
Microsoft Windows
Sun Solaris
Check Point Firewall

Issue

Unable to request Certificate for a Check Point Firewall through PKCS10 request in RSA Certificate Manager.
When submitting a PKCS10 request from Check Point Firewall through the enrollment page, the following error appears after clicking the Submit button:

!PKCS10Parse(): [XrcDECODINGFAILURE] unable to complete decoding operation. XudaParsePKCS10Request(): [XrcDECODINGFAILURE: unable to complete decoding operation]

When generating the request in Check Point Firewall, there is an option to include alternative name information.

ex: IP address. You select the checkbox and the option you require. This information is put in as part of the subject Alternative Name.

Cause

When using an ASN.1 Editor to view the request, the Subject Alternative Name portion appears as follows:

243 31   22:         SET {
 245 30   20:           SEQUENCE {
 247 30   18:             SEQUENCE {
 249 06    3:               OBJECT IDENTIFIER subjectAltName (2 5 29 17)
 254 01    1:               BOOLEAN FALSE <----------------------
 257 04    8:               OCTET STRING
            :                 30 06 87 04 3E B0 3F 28

The line that includes BOOLEAN FALSE should not be included in that part of the request as it is an invalid format. This causes the decoding failure.

Resolution

If you require Subject Alternative Name in the certificate, do not include it in the request, but get the Administrator of Vettor to input it as part of the approval process.

Don't see what you're looking for?

Related Articles

Trending Articles