How to process PKCS#10 Certificate Signing Request (CSR) from WebSphere
Originally Published: 2003-04-07
Article Number
Applies To
IBM WebSphere
IBM WebSphere
Keon Certificate Authority
Issue
How to process PKCS#10 Certificate Signing Request (CSR) from Microsoft Windows 2000 domain controller
Program Error
!PKCS10Parse(): [XrcDECODINGFAILURE] unable to complete decoding operation. XudaParsePKCS10Request():
[XrcDECODINGFAILURE: unable to complete decoding operation]
Cause
One specific known encoding error is that there is an extra Context Specific tag included in the encoded Certificate Signing Request (CSR). Another common fault with submissions from a Windows 2000 domain controller is a request with no email address specified. If the ASN.1 is decoded, you would see the following type of display:
SET {
SEQUENCE {
OBJECT IDENTIFIER emailAddress (1 2 840 113549 1 9 1)
IA5String
Error: Object has zero length.
}
}
Resolution
1. Save the Certificate Signing Request (CSR) with a .64 suffix
2. Strip the -----BEGIN NEW CERTIFICATE REQUEST----- header and footer so the file contains pure Base64
3. Open the file with WinZip and extract the file called "unknown.001"
4. Read the file 'unkown.001' with any of the well known ASN.1 decoders
One of the most commonly used and referenced tools is "dumpasn1" from Peter Gutmann, and may be found at http://www.cs.auckland.ac.nz/~pgut001/. Also, a Windows front end has recently been produced and can be downloaded from http://www.geminisecurity.com/guidumpasn.html.
Workaround
Related Articles
Configure Device History Settings for a Risk-Based Authentication Policy Number of Views Detailed report of memory utilization on Linux for RSA Authentication Manager 8.x Number of Views False Positive - RSA Authentication Manager 8.1 SP1 P10 vulnerable to CVE 2016-0728, CVE-2015-8787 and CVE-2015-8709 (Open… Number of Views Token import fails on desktop using CT-KIP via Group policy Number of Views RSA Governance & Lifecycle Advanced Dashboards Library Release Notes - Revision 3.0 Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Release Notes for RSA Authentication Manager 8.8 RSA RADIUS Server service failed to start in the RSA Authentication Manager 8.1 Operations Console Microsoft Entra ID External MFA - Relying Party Configuration Using OIDC - RSA Ready Implementation Guide RSA Release Notes: Cloud Access Service and RSA Authenticators
Don't see what you're looking for?
