|
I am trying to generate a certificate request. The problem I am having is
that the CSR I generate looks ok when I look at it with the "openssl req"
command (with the -text option), however when I try to get the CSR signed by
anything other than openSSL, I get errors complaining about the format of the
CSR. Specifically I have tried both Verisign and Microsoft Certificate Server.
The certificate request itself is below:
-----BEGIN CERTIFICATE
REQUEST-----
MIIBKDCB0wIAMHExEDAOBgNVBAMTB250ZGF2ZWcxGjAYBgNVBAsTEVplbiBGb3Ig SGFuZGhlbGRzMQ8wDQYDVQQKEwZOb3ZlbGwxEDAOBgNVBAcTB1doZWF0b24xETAP BgNVBAgTCElsbGlub2lzMQswCQYDVQQGEwJVUzBaMA0GCSqGSIb3DQEBAQUAA0kA MEYCQQDh5K+O2D40la9gim+G8j4fNA5ZvozgJ1quFgwBGpJEPuzUj/GsryLG5YHW 9kvulmKuK/IzDkdIiWCHqvhGIzZ/AgEDoAAwDQYJKoZIhvcNAQEFBQADQQBzhDYf weFL27Ab36yN4cYpRP8CXCvdOu7raTAvlwsZoRoY2kqUPu8bED4GHOY36hEZcSCo J23Kw0XCcBsTpDvR -----END CERTIFICATE REQUEST----- I actually have tried a number of attempts, this is just the most recent
one.
I'm really hoping someone can help me see what I'm doing wrong, since I've
been stuck on this for a couple days now. I'm sure its just something stupid I'm
doing.
To create the CSR I have adapted the following code from the O'Reilly
OpenSSL book:
BOOL SYPKI::CreateCertificateRequest(RSA* pRSAKeyPair,
LPCTSTR certCountryName, LPCTSTR certStateOrProvinceName, LPCTSTR certLocalityName, LPCTSTR certOrganizationName, LPCTSTR certOrganizationalUnitName, LPCTSTR certCommonName, BOOL bFormatPEM, void** pCertificateRequest, ULONG *pCertificateRequestLen) { X509_REQ* pRequest; BOOL bSuccess = TRUE; pRequest = X509_REQ_new();
if (pRequest != NULL) { EVP_PKEY* pEVPKeyPair =
EVP_PKEY_new();
if (pEVPKeyPair != NULL) { EVP_PKEY_set1_RSA(pEVPKeyPair, pRSAKeyPair);
//
// Add the public key to the request // X509_REQ_set_pubkey(pRequest, pEVPKeyPair);
//
// Add the subject name to the request // X509_NAME* subjectName;
subjectName =
X509_NAME_new();
if (subjectName != NULL) {
X509_NAME_ENTRY*
pNameEntry;
int nid;
nid =
OBJ_txt2nid("commonName");
ASSERT(nid != NID_undef); pNameEntry = X509_NAME_ENTRY_create_by_NID(NULL, /*NID_commonName*/nid, MBSTRING_ASC, (unsigned char*) certCommonName, _tcslen(certCommonName)); if (pNameEntry != NULL) { bSuccess = X509_NAME_add_entry(subjectName, pNameEntry, -1, 0); } else { bSuccess = FALSE; }
if (bSuccess)
{
nid = OBJ_txt2nid("organizationalUnitName"); ASSERT(nid != NID_undef); pNameEntry = X509_NAME_ENTRY_create_by_NID(NULL, /*NID_organizationalUnitName*/nid, MBSTRING_ASC, (unsigned char*) certOrganizationalUnitName, _tcslen(certOrganizationalUnitName)); if (pNameEntry != NULL) { bSuccess = X509_NAME_add_entry(subjectName, pNameEntry, -1, 0); } else { bSuccess = FALSE; } }
if (bSuccess)
{
nid = OBJ_txt2nid("organizationName"); ASSERT(nid != NID_undef); pNameEntry = X509_NAME_ENTRY_create_by_NID(NULL, /*NID_organizationName*/nid, MBSTRING_ASC, (unsigned char*) certOrganizationName, _tcslen(certOrganizationName)); if (pNameEntry != NULL) { bSuccess = X509_NAME_add_entry(subjectName, pNameEntry, -1, 0); } else { bSuccess = FALSE; } }
if (bSuccess)
{
nid = OBJ_txt2nid("localityName"); ASSERT(nid != NID_undef); pNameEntry = X509_NAME_ENTRY_create_by_NID(NULL, /*NID_localityName*/ nid, MBSTRING_ASC, (unsigned char*) certLocalityName, _tcslen(certLocalityName)); if (pNameEntry != NULL) { bSuccess = X509_NAME_add_entry(subjectName, pNameEntry, -1, 0); } else { bSuccess = FALSE; } }
if (bSuccess)
{
nid = OBJ_txt2nid("stateOrProvinceName"); ASSERT(nid != NID_undef); pNameEntry = X509_NAME_ENTRY_create_by_NID(NULL, /*NID_stateOrProvinceName*/ nid, MBSTRING_ASC, (unsigned char*) certStateOrProvinceName, _tcslen(certStateOrProvinceName)); if (pNameEntry != NULL) { bSuccess = X509_NAME_add_entry(subjectName, pNameEntry, -1, 0); } else { bSuccess = FALSE; } }
if (bSuccess)
{
nid = OBJ_txt2nid("countryName"); ASSERT(nid != NID_undef); pNameEntry = X509_NAME_ENTRY_create_by_NID(NULL, /*NID_countryName*/ nid, MBSTRING_ASC, (unsigned char*) certCountryName, _tcslen(certCountryName)); if (pNameEntry != NULL) { bSuccess = X509_NAME_add_entry(subjectName, pNameEntry, -1, 0); } else { bSuccess = FALSE; } }
if (bSuccess)
{
bSuccess = X509_REQ_set_subject_name(pRequest, subjectName); }
if (bSuccess)
{
// // Sign the request. // bSuccess = X509_REQ_sign(pRequest, pEVPKeyPair, EVP_sha1()); if (bSuccess) { // // We now have a completed request. We'll return it, in // the requested format, to the caller. // if (bFormatPEM) { BIO* pMemBIO;
pMemBIO =
BIO_new(BIO_s_mem());
if (pMemBIO != NULL) { bSuccess = PEM_write_bio_X509_REQ(pMemBIO, pRequest);
if (bSuccess)
{
BUF_MEM* pMemBuffer; BIO_get_mem_ptr(pMemBIO, &pMemBuffer); *pCertificateRequest = new BYTE[pMemBuffer->length]; memcpy(*pCertificateRequest, pMemBuffer->data, pMemBuffer->length); *pCertificateRequestLen = pMemBuffer->length; BIO_free(pMemBIO); } } else { bSuccess = FALSE; } } else { // // Binary (DER) format.
//
int length; length = i2d_X509_REQ(pRequest, NULL);
if (length != 0)
{
*pCertificateRequest = new BYTE[length];
void* pTempBuffer = *pCertificateRequest;
length = i2d_X509_REQ(pRequest,
(UCHAR**)&pTempBuffer);
*pCertificateRequestLen = length; } else { ASSERT(FALSE); bSuccess = FALSE; } } } }
X509_NAME_free(subjectName);
} else { bSuccess = FALSE; } EVP_PKEY_free(pEVPKeyPair); } else { bSuccess = FALSE; }
X509_REQ_free(pRequest);
} else { bSuccess = FALSE; } return bSuccess;
} |
- Re: Problems generating a CSR David Goldberg
- Re: Problems generating a CSR Dr. Stephen Henson
- Re: Problems generating a CSR David Goldberg
- Re: Problems generating a CSR Dr. Stephen Henson
- Re: Problems generating a CSR David Goldberg
