How to process PKCS#10 Certificate Signing Request (CSR) from WebSphere
Originally Published: 2003-04-07
Article Number
Applies To
IBM WebSphere
IBM WebSphere
Keon Certificate Authority
Issue
How to process PKCS#10 Certificate Signing Request (CSR) from Microsoft Windows 2000 domain controller
Program Error
!PKCS10Parse(): [XrcDECODINGFAILURE] unable to complete decoding operation. XudaParsePKCS10Request():
[XrcDECODINGFAILURE: unable to complete decoding operation]
Cause
One specific known encoding error is that there is an extra Context Specific tag included in the encoded Certificate Signing Request (CSR). Another common fault with submissions from a Windows 2000 domain controller is a request with no email address specified. If the ASN.1 is decoded, you would see the following type of display:
SET {
SEQUENCE {
OBJECT IDENTIFIER emailAddress (1 2 840 113549 1 9 1)
IA5String
Error: Object has zero length.
}
}
Resolution
1. Save the Certificate Signing Request (CSR) with a .64 suffix
2. Strip the -----BEGIN NEW CERTIFICATE REQUEST----- header and footer so the file contains pure Base64
3. Open the file with WinZip and extract the file called "unknown.001"
4. Read the file 'unkown.001' with any of the well known ASN.1 decoders
One of the most commonly used and referenced tools is "dumpasn1" from Peter Gutmann, and may be found at http://www.cs.auckland.ac.nz/~pgut001/. Also, a Windows front end has recently been produced and can be downloaded from http://www.geminisecurity.com/guidumpasn.html.
Workaround
Related Articles
IDC unification runs into an error called by by webservice call in RSA Identity Governance & Lifecycle Number of Views Configure Device History Settings for a Risk-Based Authentication Policy Number of Views CreateChangeRequest webservice call with <AccountChange> does not fail on SoD Violations for RSA Via Lifecycle & Governance Number of Views How to Decomission a Host from the Puppet Trust Model Number of Views createChangeRequest Delete Account web serivce call not working in RSA Identity Management and Governance 6.9.1 Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) Artifacts to gather in RSA Identity Governance & Lifecycle RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA Governance & Lifecycle 8.0.0 Installation Guide
Don't see what you're looking for?
