Re: VeriSign Browser Emulation mode PKCS#10 Request

From: Amol (mumbhai_dude_at_yahoo.com)
Date: 11/10/03 

Date: 10 Nov 2003 03:35:11 -0800

Erwann ABALEA <erwann@abalea.com> wrote in message news:<Pine.LNX.4.33.0311082312121.9313-100000@patchwork.seclogd.org>...
> On 8 Nov 2003, Amol wrote:
>
> > Erwann ABALEA <erwann@abalea.com> wrote in message news:<Pine.LNX.4.33.0311071607260.28761-100000@patchwork.seclogd.org>...
> > > Hi,
> > >
> > > On 5 Nov 2003, Amol wrote:
> > >
> > > > One of the Key-value pair is public key-----
> > > > Name Value/Tag Mandatory/Optional Description
> > > > public_key BASE 64 Mandatory The base64 encoded PKCS#10
> > > >
> > > > 1. Does Verisign require the 'PKCS#10 Request' to contain only the
> > > > public key OR does the PKCS#10 request can contain other fields e.g.
> > > > DN name?
> > >
> > > Generally, the VeriSign platform extracts the public key from the PKCS#10,
> > > and get the other informations (i.e. DN and the like) from NVP transmitted
> > > at the same time.
> > >
> > > You can put DN information into the PKCS#10, but they'll be silently
> > > ignored.
> > >
> > I created a PKCS10 request, contaning the public key, and the DN had
> > only the common name. Now, this question is too specific to verisign.
>
> That's good.
>
> > On submitting a http post request to verisign with all the mandatory
> > key-value pairs, i got an http response containing certain error code.
> > '6400'. this code is for some bad entry in the request, but it does
> > not mention exactly which entry was incorrect? I have tried all
> > combinations but it does not seem to work.
>
> 6400 is "ERROR_FOUND_IN_LIST". I don't know which list it is.
> Could you please post the whole list of NVP?

I am not using CSR based enrollment. I am using the 'browser emulation
mode' as mentioned in the technical reference manual of verisign. You
can obtain the technical reference manual when you set up evaluation
CA (test CA) on Verisign site. i.e. I create key-value pairs of all
the mandatory fields, and post it to the CA URL. In the http response
I get a key-value pair which has error_status=6400. The 'Error Codes
and Troubleshooting Guide' which talks about this error code can also
be obtained when you register for the test CA.

Relevant Pages

  • Re: VeriSign Browser Emulation mode PKCS#10 Request
    ... > for a VeriSign affiliate since 6 years now. ... This is nothing but sending the enrollment details as ... key-value pairs in an http post request message to the CA URL. ... > - post the CSR ...
    (sci.crypt)
  • Re: VeriSign Browser Emulation mode PKCS#10 Request
    ... > Verisign supports only PKCS#10. ... > the PKCS#10 CertificationRequest message as it seems Verisign ignores ... > all other attributes other than the public key. ... > key-value pairs in a http post request message and need not be ...
    (sci.crypt)
Quantcast