000022243 - C_ImportPKCS12()  C_GetNameDER()  or other function fails with error 1809  0x711 (E_ATTRIBUTE_VALUE) in RSA BSAFE Cert-C

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022243
Applies ToRSA BSAFE Cert-C
Certificate's issuer and/or subject name contains a name attribute (often common name) that is tagged as PrintableString, but it contains characters that are not part of the PrintableString character set, such as the at sign ('@') or underscore ('_'). From http://www.ietf.org/rfc/rfc3280.txt:

Appendix B. ASN.1 Notes

The character string type PrintableString supports a very basic Latin character set: the lower case letters 'a' through 'z', upper case letters 'A' through 'Z', the digits '0' through '9', eleven special characters ' = ( ) + , - . / : ? and space. Implementers should note that the at sign ('@') and underscore ('_') characters are not supported by the ASN.1 type  PrintableString. These characters often appear in internet addresses. Such addresses MUST be encoded using an ASN.1 type that supports them. They are usually encoded as IA5String in either the emailAddress attribute within a distinguished name or the rfc822Name field of GeneralName. Conforming implementations MUST NOT encode strings which include either the at sign or underscore character as PrintableString. 
IssueC_ImportPKCS12(), C_GetNameDER(), or other function fails with error 1809, 0x711 (E_ATTRIBUTE_VALUE) in RSA BSAFE Cert-C
ResolutionThe Certificate Authority must correct this in the certificate(s). The name attribute should be tagged as UTF8String if it contains any characters outside of the PrintableString character set, or the name attribute's value should be changed so it only contains PrintableString characters. After that, the certificate(s) should be re-issued.

If you are the one creating the certificate using C_AddNameAVA(), then change the call to use VT_UTF8_STRING instead of VT_PRINTABLE_STRING.
Legacy Article IDa27579