000023620 - Error 10008 (NOT_FOUND) when reading in a DSA certificate

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000023620
Applies To: Cert-C Micro Edition and earlier
Issue: Error 10008 (NOT_FOUND) when reading in a DSA certificate

When running the Cert-C ME cert sample to read in a DSA certificate, the following error is returned:

>cert -in dsa.cer -inform bin -text

Unable to load the certificate

Error: (10008) NOT_FOUND


A possible cause is a bug in Cert-C ME release and earlier, where it cannot load a DSA certificate that does not have a NULL parameter in the signature algorithm.  According to RFC 3279 (http://www.ietf.org/rfc/rfc3279.txt), such a certificate is encoded correctly, because the DSA signature algorithm should not have a NULL parameter specified:

     id-dsa-with-sha1 OBJECT IDENTIFIER ::=  {
           iso(1) member-body(2) us(840) x9-57 (10040)
           x9cm(4) 3 }
   When the id-dsa-with-sha1 algorithm identifier appears as the
   algorithm field in an AlgorithmIdentifier, the encoding SHALL omit
   the parameters field.  That is, the AlgorithmIdentifier SHALL be a
   SEQUENCE of one component: the OBJECT IDENTIFIER id-dsa-with-sha1.


The Cert-C ME toolkit, however, expects a NULL parameter to be present.  This bug has been resolved in Cert-C ME
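To confirm that a failing certificate is the case described above, the following added example (not RSA code and not the Cert-C API) inspects the DER bytes of the outer signatureAlgorithm and reports whether the id-dsa-with-sha1 parameters are absent, as RFC 3279 requires, or an explicit NULL. The helper names are illustrative and the sample encodings are constructed for the example.

```python
DSA_WITH_SHA1 = bytes.fromhex("2a8648ce380403")  # OID 1.2.840.10040.4.3 content octets

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n octets hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def classify_algid(algid_der):
    """Return (oid_octets, 'absent' | 'null' | 'other') for an AlgorithmIdentifier."""
    tag, body, _ = read_tlv(algid_der)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid, pos = read_tlv(body)
    if tag != 0x06:
        raise ValueError("first component must be an OBJECT IDENTIFIER")
    if pos == len(body):
        return oid, "absent"              # SEQUENCE of one component
    ptag, pval, _ = read_tlv(body, pos)
    return oid, "null" if (ptag == 0x05 and pval == b"") else "other"

def cert_signature_algid(cert_der):
    """Return the raw outer signatureAlgorithm TLV of a Certificate SEQUENCE."""
    tag, body, _ = read_tlv(cert_der)
    if tag != 0x30:
        raise ValueError("Certificate must be a SEQUENCE")
    _, _, start = read_tlv(body)          # skip tbsCertificate
    _, _, end = read_tlv(body, start)     # signatureAlgorithm
    return body[start:end]

def dsa_sha1_params_ok(algid_der):        # True unless id-dsa-with-sha1 carries parameters
    oid, params = classify_algid(algid_der)
    return not (oid == DSA_WITH_SHA1 and params != "absent")

# Constructed sample encodings for this added example (not from a real certificate).
ALGID_NO_PARAMS = bytes.fromhex("30090607" "2a8648ce380403")
ALGID_WITH_NULL = bytes.fromhex("300b0607" "2a8648ce380403" "0500")
```

Pass the DER bytes of the certificate file (the same `dsa.cer` given to the sample with `-inform bin`) to `cert_signature_algid`, then to `classify_algid`; a result of `absent` for id-dsa-with-sha1 matches the encoding this article says the affected releases fail to load.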

Resolution: Upgrade to Cert-C ME
Legacy Article ID: a34812