Re: 2K3 Cert Svcs gives invalid policy error on OpenSSL gen'd cert req



On Jun 5, 2:18 am, Martin Rublik <martin.rub...@xxxxxxxxxx> wrote:
Hi,

what kind of CA are you using? Is it standalone CA or enterprise CA?
Could you please post a test PKCS#10 base 64 encoded request that is
failing?

Regards

Martin

I'm using a stand-alone CA. Here is an example request made in
OpenSSL. I'm thinking it may have to do with ASN.1 formatting and the
use of the OpenSSL API. Our situation demands we can't use the
command line utility in OpenSSL to make the requests, so I'm looking
at the following page: http://msdn2.microsoft.com/en-US/library/aa379076.aspx

and using Peter Guttman's dumpasn1 utility to view the binary
requests:
http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c
http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg

-----BEGIN CERTIFICATE REQUEST-----
MIIB+DCCAWECAQAwIzEhMB8GA1UEAxMYVy1TTllERVJSMi5oZS5hZC5pZ3QuY29t
MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCrjSkTSyIJ5Hj+Q+PhWdjbU8T9
SVmhjm0CMP7DM+29u4GqKabXeeDDG2l1mkwYpLcdaUMHvjGtG6V70jqdro7BTfVu
OS+5joX0l634NlcZtLnZj+YrllBwKtoCA9SDIPsxgha5SfEy0Zg/6+6e3MOqcCA2
F+xByquB5YE+oamzwwIBEaCBljCBkwYJKoZIhvcNAQkOMYGFMIGCMEMGA1UdJQQ8
VExTIFdlYiBTZXJ2ZXIgQXV0aGVudGljYXRpb24sIFRMUyBXZWIgQ2xpZW50IEF1
dGhlbnRpY2F0aW9uMDsGA1UdDwQ0RGlnaXRhbCBTaWduYXR1cmUsIE5vbiBSZXB1
ZGlhdGlvbiwgS2V5IEVuY2lwaGVybWVudDANBgkqhkiG9w0BAQUFAAOBgQBrU7iV
Qt2htqH2z1Zk59oXFEAHB6P0Vg8I2VP2NXTPfh1nV8v87o08W1VqrjQb/eVEutNA
ILCcCJm56D3MBUI7e0IMkRoO2EDPqIr9mhcxkxqv5sjfmtTS2FRLHS2IHZtMYxUb
zzReVz2s5ctNuQ9lIFSB/nv/zpWFYRvRXCFrDA==
-----END CERTIFICATE REQUEST-----

.



Relevant Pages