Hi, we are running our own CA with openssl 0.9.8k on linux. We get a CSR-Request containing SAN attributes from a Windows IIS Server:
[Version] Signature="$Windows NT$" [NewRequest] Subject = "CN=test1 OU=IT, O=Org, L=Location, S=State, C=DE" KeySpec = 1 KeyLength = 1024 Exportable = TRUE MachineKeySet = TRUE SMIME = FALSE PrivateKeyArchive = FALSE UserProtected = FALSE UseExistingKeySet = FALSE RequestType = CMC KeyUsage = 0xa0 ProviderName = "Microsoft RSA SChannel Cryptographic Provider" ProviderType = 12 [EnhancedKeyUsageExtension] OID=1.3.6.1.5.5.7.3.1 [RequestAttributes] SAN="CN=xyz&CN=test3" When I try to sign the csr-Request with openssl I get the following error message: Error reading certificate request in xyz.csr 27756:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1316: 27756:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509_REQ_INFO 27756:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=req_info, Type=X509_REQ 27756:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83: Signing Requests without SAN-attributes works just fine. Can anybody help? Thanks Andi </PRE><html><P><SPAN style="FONT-SIZE: 8pt"><FONT color=#000000><FONT face=Arial> This communication and any files or attachments transmitted with it may contain information that is copyrighted or confidential and exempt from <br> disclosure under applicable law. It is intended solely for the use of the individual or the entity to which it is addressed. <br> If you are not the intended recipient, you are hereby notified that any use, dissemination, or copying of this communication is strictly prohibited. <br> If you have received this communication in error, please notify us at once so that we may take the appropriate action and avoid troubling you further. <br> Thank you for your cooperation. Please contact your local IT staff or email <a href="mailto:i...@wacker.com?subject=disclaimer";>i...@wacker.com</a> if you need assistance. <br> <br> Wacker Chemie AG, Hanns-Seidel-Platz 4, 81737 München, Germany, Sitz München, Amtsgericht München HRB 159705 <br> Vorstand: Rudolf Staudigl (Vorsitzender), Joachim Rauhut, Wilhelm Sittenthaler, Auguste Willems <br> Vorsitzender des Aufsichtsrats: Peter-Alexander Wacker <br> </FONT></FONT></SPAN></P></html>
