Re: [Ejbca-develop] CSR Request Failing in Create Certificate from CSR, Public Web Interface

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

When submitting CSRs you must use keystore type "USERGENERATED", 
everything else means server generated keys.

Cheers,
Tomas
-----
PrimeKey Solutions offers commercial EJBCA and SignServer support 
subscriptions and training courses. Please see www.primekey.se or 
contact in...@pr... for more information.
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/

On 09/10/2012 06:04 PM, Jack D. Pond wrote:
> Even more information:
> 2012-09-06 17:36:09,802 INFO  [org.ejbca.core.model.log.Log4jLogDevice]
> (http-0.0.0.0-8443-2) 2012-09-06 17:36:09-04:00, CAId : -1724983956, CA,
> EVENT_INFO_REQUESTCERTIFICATE, Administrator : PUBLICWEBUSER : IP
> Address : [CA IP Addr], User : SSLVPN_wbcb1490_com, Certificate : No
> certificate involved, Comment : Received certificate request for user
> SSLVPN_wbcb1490_com for CA [CAId] with certificate profile [cpprofile].
>
> 2012-09-06 17:36:09,956 INFO  [org.ejbca.core.model.log.Log4jLogDevice]
> (http-0.0.0.0-8443-2) 2012-09-06 17:36:09-04:00, CAId : [CAId], CA,
> EVENT_INFO_CREATECERTIFICATE, Administrator : PUBLICWEBUSER : IP Address
> : [CA IP Addr],User : SSLVPN_wbcb1490_com, Certificate : No certificate
> involved, Comment : Illegal key length: 1024.
>
> *From:*Jack D. Pond [mailto:jac...@ps...]
> *Sent:* Monday, September 10, 2012 12:25 PM
> *To:* ejb...@li...
> *Subject:* Re: [Ejbca-develop] CSR Request Failing in Create Certificate
> from CSR, Public Web Interface
>
> Oh,  Little more information:
>
> java version "1.6.0_24"
>
> OpenJDK Runtime Environment (IcedTea6 1.11.4) (6b24-1.11.4-1ubuntu0.12.04.1)
>
> OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)
>
> *From:*Jack D. Pond [mailto:jac...@ps...]
> <mailto:[mailto:jac...@ps...]>
> *Sent:* Monday, September 10, 2012 12:09 PM
> *To:* ejb...@li...
> <mailto:ejb...@li...>
> *Subject:* [Ejbca-develop] CSR Request Failing in Create Certificate
> from CSR, Public Web Interface
>
> Whether asking for entity PKCS #7 or PEM, get “Invalid Key in request:
> Illegal key length: 1024.. Please supply a correct request.”
>
> Note:  If doing batch generation, no problem, generates 2048 key & cert,
> so I know the 2048 part on the end entity is correct, but of course then
> it’s not using the user created key from the CSR.
>
> I saw this bug, but assuming since closed, not relevant:
> https://jira.primekey.se/browse/ECA-1613?page=com.atlassian.jira.plugin.system.issuetabpanels%3Achangehistory-tabpanel
>
> Debug Information:  CSR: PEM, 2048 bit – obviously, I’m going to throw
> this one away.
>
> -----BEGIN CERTIFICATE REQUEST-----
>
> MIIC9DCCAdwCAQAwga4xHDAaBgNVBAMTE3NzbHZwbi53YmNiMTQ5MC5jb20xKDAm
>
> BgkqhkiG9w0BCQEWGXN1cHBvcnRAbGV4dGVjaGF1ZGl0cy5jb20xCzAJBgNVBAYT
>
> AlVTMRUwEwYDVQQIEwxQZW5uc3lsdmFuaWExFzAVBgNVBAcTDkZhaXJsZXNzIEhp
>
> bGxzMRIwEAYDVQQKEwlXQkNCIDE0OTAxEzARBgNVBAsTClByb2R1Y3Rpb24wggEi
>
> MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD5oKhG73qA8JxZNTlLpwOpHX7m
>
> mlKBjmVSIs8OlJRkEsAFR9WWS2pldVqA3OnANPJNodzDrQzYDeRpl6ZwNuylMcTR
>
> 9w32A4nobZtpuYlHTWB81dQ5O6vylte6VYr3Rv2J0caRF1S0CTdA64wh2AGl7kng
>
> zOD5UmGc+vUwgWNHX6buUNURJAOXNegp/0AeCV6JD3WfRfSbXoKF4eDAH/mYRqKw
>
> 7XXQ/WcPgHqy8HDuaN9AF1f/rEvya8nShZNsaTGgapyfkpn1GUTaIVjW0UaG9tee
>
> eZag0V1oZLzcBob4dkinz/7FoYB2BSAxwBPsmQlQgWub4EKagZRubTld0O3HAgMB
>
> AAGgADANBgkqhkiG9w0BAQUFAAOCAQEAukcNs0mkTlehUmrypwCltcEcMxWaYL/n
>
> xcOUel6nifqh7ulq4ioHqKRVxwdgO83EcQtUkg4OLBnD+WVfzNgANhiQjXj+1wYH
>
> rTJhYPFFGHQv9dbajSw6ARY77cD02JfLipGJBeEXB7B1DWTJyiaNk6po0ahCfupv
>
> vvb4iEag+xJO/1biXSibMsUAJkaMlm5ue2oH0lhNt+2u64pxkyRNvHx8Y8sugRBL
>
> 0FSK3EyBZBYSNPJtUUNQCF/N1eqDIbbnLKo6Z7ALcj/fqMgIcy7nda+mdrWSTFRM
>
> rfsZyWOZn7L0z1IHeCHk9Cjhc81400ph16lvkmHluy+ABelCUnFXaw==
>
> -----END CERTIFICATE REQUEST-----
>
> CSR Details (from) >openssl req -text -noout -in “CertName.csr "
>
> Certificate Request:
>
>      Data:
>
>          Version: 0 (0x0)
>
>          Subject:
> CN=sslvpn.wbcb1490.com/emailAddress=su...@le...
> <mailto:CN=sslvpn.wbcb1490.com/emailAddress=su...@le...>,
> C=US, ST=Pennsylvania, L=Fairless Hills, O=WBCB 1490, OU=Production
>
>          Subject Public Key Info:
>
>              Public Key Algorithm: rsaEncryption
>
>                  Public-Key: (2048 bit)
>
>                  Modulus:
>
>                      00:f9:a0:a8:46:ef:7a:80:f0:9c:59:35:39:4b:a7:
>
>                      03:a9:1d:7e:e6:9a:52:81:8e:65:52:22:cf:0e:94:
>
>                      94:64:12:c0:05:47:d5:96:4b:6a:65:75:5a:80:dc:
>
>                      e9:c0:34:f2:4d:a1:dc:c3:ad:0c:d8:0d:e4:69:97:
>
>                      a6:70:36:ec:a5:31:c4:d1:f7:0d:f6:03:89:e8:6d:
>
>                      9b:69:b9:89:47:4d:60:7c:d5:d4:39:3b:ab:f2:96:
>
>                      d7:ba:55:8a:f7:46:fd:89:d1:c6:91:17:54:b4:09:
>
>                      37:40:eb:8c:21:d8:01:a5:ee:49:e0:cc:e0:f9:52:
>
>                      61:9c:fa:f5:30:81:63:47:5f:a6:ee:50:d5:11:24:
>
>                      03:97:35:e8:29:ff:40:1e:09:5e:89:0f:75:9f:45:
>
>                      f4:9b:5e:82:85:e1:e0:c0:1f:f9:98:46:a2:b0:ed:
>
>                      75:d0:fd:67:0f:80:7a:b2:f0:70:ee:68:df:40:17:
>
>                      57:ff:ac:4b:f2:6b:c9:d2:85:93:6c:69:31:a0:6a:
>
>                      9c:9f:92:99:f5:19:44:da:21:58:d6:d1:46:86:f6:
>
>                      d7:9e:79:96:a0:d1:5d:68:64:bc:dc:06:86:f8:76:
>
>                      48:a7:cf:fe:c5:a1:80:76:05:20:31:c0:13:ec:99:
>
>                      09:50:81:6b:9b:e0:42:9a:81:94:6e:6d:39:5d:d0:
>
>                      ed:c7
>
>                  Exponent: 65537 (0x10001)
>
>          Attributes:
>
>              a0:00
>
>      Signature Algorithm: sha1WithRSAEncryption
>
>           ba:47:0d:b3:49:a4:4e:57:a1:52:6a:f2:a7:00:a5:b5:c1:1c:
>
>           33:15:9a:60:bf:e7:c5:c3:94:7a:5e:a7:89:fa:a1:ee:e9:6a:
>
>           e2:2a:07:a8:a4:55:c7:07:60:3b:cd:c4:71:0b:54:92:0e:0e:
>
>           2c:19:c3:f9:65:5f:cc:d8:00:36:18:90:8d:78:fe:d7:06:07:
>
>           ad:32:61:60:f1:45:18:74:2f:f5:d6:da:8d:2c:3a:01:16:3b:
>
>           ed:c0:f4:d8:97:cb:8a:91:89:05:e1:17:07:b0:75:0d:64:c9:
>
>           ca:26:8d:93:aa:68:d1:a8:42:7e:ea:6f:be:f6:f8:88:46:a0:
>
>           fb:12:4e:ff:56:e2:5d:28:9b:32:c5:00:26:46:8c:96:6e:6e:
>
>           7b:6a:07:d2:58:4d:b7:ed:ae:eb:8a:71:93:24:4d:bc:7c:7c:
>
>           63:cb:2e:81:10:4b:d0:54:8a:dc:4c:81:64:16:12:34:f2:6d:
>
>           51:43:50:08:5f:cd:d5:ea:83:21:b6:e7:2c:aa:3a:67:b0:0b:
>
>           72:3f:df:a8:c8:08:73:2e:e7:75:af:a6:76:b5:92:4c:54:4c:
>
>           ad:fb:19:c9:63:99:9f:b2:f4:cf:52:07:78:21:e4:f4:28:e1:
>
>           73:cd:78:d3:4a:61:d7:a9:6f:92:61:e5:bb:2f:80:05:e9:42:
>
>           52:71:57:6b
>
> Jack D. Pond
> Description: Description: C:\Users\Jack D
> Pond\AppData\Roaming\Microsoft\Signatures\JDP-PSITEX_files\image001.png
>
> */"Truth is the summit of being; justice is the application of it to
> affairs." -- Ralph Waldo Emerson, (1803-1882)/*
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>