From: Lembitu L. <lem...@cb...> - 2014-04-30 07:58:26
Hi,

I need to issue certificates from a CA while having only the key pair's public key. As EJBCA does not verify the signature of the CSR, I have done it by injecting the public key and its exponent into a "CSR template" and using a command line like:

    ejbcaClientToolBox.sh EjbcaWsRaCli certreq TEST "GN=TEST,SURNAME=TEST,serialNumber=12345678,CN=TEST\,TEST\,12345678,O=organization,OU=unit,C=EE" NULL "Test Sub CA" "TEST" "TEST-TEST" /path-to-csr/TEST.CSR PKCS10 PEM NONE /path-to-pem/

It works nearly perfectly, but there are some cases where the public key or exponent gets chopped by 1 byte. In these cases either the exponent or the key in the generated certificate differs from the key or exponent in the CSR. I have traced it down to cases where either the exponent or the key begins with hex 00. When I decode them in, for example, http://lapo.it/asn1js/ I can see that the ASN.1 block is truncated by 1 byte and the key or exponent is chopped.

Is this a bug or am I doing something terribly wrong?

P.S. I have no means of creating correct, signed CSRs, as I have no access to the private keys, nor can I use them. Also, the system sending me the public keys is not able to generate correct CSRs.

Wbr,
Lembitu Ling
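As an added example (not part of the original post and not EJBCA code), this sketch shows the DER rule that decides whether a leading 00 byte belongs in an INTEGER: the encoding is minimal two's complement, so a raw modulus or exponent carries exactly one leading 00 when its top bit is set and none otherwise, and the length bytes follow from that. The function names and the sample byte strings are constructed for illustration.

```python
# Added example: DER encoding of RSAPublicKey (RFC 8017) from raw big-endian bytes.

def der_len(n: int) -> bytes:
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_integer(raw: bytes) -> bytes:
    """Encode an unsigned value as a minimal, positive DER INTEGER."""
    value = raw.lstrip(b"\x00") or b"\x00"   # drop redundant leading zeros
    if value[0] & 0x80:                      # top bit set: would read as negative
        value = b"\x00" + value              # so exactly one sign byte is required
    return b"\x02" + der_len(len(value)) + value

def rsa_public_key(modulus: bytes, exponent: bytes) -> bytes:
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    body = der_integer(modulus) + der_integer(exponent)
    return b"\x30" + der_len(len(body)) + body

def parse_integer(der: bytes, off: int = 0):
    """Return (unsigned value, next offset) for the INTEGER at der[off:]."""
    if der[off] != 0x02:
        raise ValueError("not an INTEGER")
    length, off = der[off + 1], off + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(der[off:off + n], "big"), off + n
    return int.from_bytes(der[off:off + length], "big"), off + length

# Constructed sample values (not real keys).
MOD_HIGH_BIT = bytes([0xC3]) + bytes(range(1, 128))       # 128 bytes, top bit set
MOD_PADDED = b"\x00" + MOD_HIGH_BIT                       # same value, already padded
MOD_LOW = b"\x00" + bytes([0x5A]) + bytes(range(1, 127))  # padded, top bit clear
EXP = b"\x00\x01\x00\x01"                                 # 65537 with a leading 00

if __name__ == "__main__":
    for name, raw in [("high-bit", MOD_HIGH_BIT), ("padded", MOD_PADDED),
                      ("low", MOD_LOW), ("exponent", EXP)]:
        enc = der_integer(raw)
        print(f"{name:9s} raw={len(raw):3d} bytes  header={enc[:4].hex()}")
```

Values that differ only in leading 00 bytes encode identically, so comparing the output of `parse_integer` on the CSR and on the issued certificate tells a changed key apart from a re-encoded one.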