|Applies To||RSA BSAFE Cert-C|
Certificate's issuer and/or subject name contains a name attribute (often common name) that is tagged as PrintableString, but it contains characters that are not part of the PrintableString character set, such as the at sign ('@') or underscore ('_'). From http://www.ietf.org/rfc/rfc3280.txt:
Appendix B. ASN.1 Notes
The character string type PrintableString supports a very basic Latin character set: the lower case letters 'a' through 'z', upper case letters 'A' through 'Z', the digits '0' through '9', eleven special characters ' = ( ) + , - . / : ? and space. Implementers should note that the at sign ('@') and underscore ('_') characters are not supported by the ASN.1 type PrintableString. These characters often appear in internet addresses. Such addresses MUST be encoded using an ASN.1 type that supports them. They are usually encoded as IA5String in either the emailAddress attribute within a distinguished name or the rfc822Name field of GeneralName. Conforming implementations MUST NOT encode strings which include either the at sign or underscore character as PrintableString.
|Issue||C_ImportPKCS12(), C_GetNameDER(), or other function fails with error 1809, 0x711 (E_ATTRIBUTE_VALUE) in RSA BSAFE Cert-C|
|Resolution||The Certificate Authority must correct this in the certificate(s). The name attribute should be tagged as UTF8String if it contains any characters outside of the PrintableString character set, or the name attribute's value should be changed so it only contains PrintableString characters. After that, the certificate(s) should be re-issued.|
If you are the one creating the certificate using C_AddNameAVA(), then change the call to use VT_UTF8_STRING instead of VT_PRINTABLE_STRING.
|Legacy Article ID||a27579|