Menu
▾
▴
Re: [SignServer-develop] Signserver certificate request not valid
|
From: Markus K. <ma...@pr...> - 2014-04-02 09:42:11
|
Hi Martin, SignServer uses the BouncyCastle library (currently version 1.47) for constructing the PKCS#10 request. Looking at the code of BC, it looks like the attributes are not included if empty. I have forwarded your question to the bouncycastle mailing list here: http://bouncycastle.org/devmailarchive/msg13727.html Best regards, Markus On 2014-04-02 09:04, Martin Kannel wrote: > Hi signserver developers! > > I'm writing you to notify that Signserver 3.5.0 provide a bit invalid > certificate request: > > In current case the the KeyOne software from Safelayer company does not > accept it like valid request. > Here is this in more detail: > -------- > In the ASN.1 specification of PKCS#10 : > > CertificationRequestInfo ::= SEQUENCE { > version INTEGER { v1(0) } (v1,...), > subject Name, > subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, > attributes [0] Attributes{{ CRIAttributes }} > } > > the attributes field is NOT OPTIONAL, then the DER encoding of this > structure in case it doesnt' specify any atribute must be a SET OF of > length 0. > > In DER encoding you've sent this SET OF is not present and then is not a > correct PKCS#10 > ------ > > It seems like "attributes" field is missing? > > > Our components are: > RHEL6 + Oracle JDK7 + JBOSS 7.1.1 + Signserver 3.5.0 and nCipher netHSM using PKCS11 library > > Best regards > -- Kind regards, Markus Kilås PKI Specialist PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
