Menu
▾
▴
Re: [SignServer-develop] Signserver certificate request not valid
|
From: Markus K. <ma...@pr...> - 2014-04-02 11:21:43
|
Hi Martin, The problem was fixed in a later version of BouncyCastle. I registered https://jira.primekey.se/browse/DSS-777 to eventually upgrade BC in SignServer. Best regards, Markus PrimeKey Solutions offers a commercial EJBCA & SignServer support subscription and training. Please see www.primekey.se or contact in...@pr... for more information. http://www.primekey.se/Services/Support/ http://www.primekey.se/Services/Training/ On 2014-04-02 11:41, Markus Kilås wrote: > Hi Martin, > > SignServer uses the BouncyCastle library (currently version 1.47) for > constructing the PKCS#10 request. > > Looking at the code of BC, it looks like the attributes are not included > if empty. I have forwarded your question to the bouncycastle mailing > list here: > http://bouncycastle.org/devmailarchive/msg13727.html > > > Best regards, > Markus > > > On 2014-04-02 09:04, Martin Kannel wrote: >> Hi signserver developers! >> >> I'm writing you to notify that Signserver 3.5.0 provide a bit invalid >> certificate request: >> >> In current case the the KeyOne software from Safelayer company does not >> accept it like valid request. >> Here is this in more detail: >> -------- >> In the ASN.1 specification of PKCS#10 : >> >> CertificationRequestInfo ::= SEQUENCE { >> version INTEGER { v1(0) } (v1,...), >> subject Name, >> subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, >> attributes [0] Attributes{{ CRIAttributes }} >> } >> >> the attributes field is NOT OPTIONAL, then the DER encoding of this >> structure in case it doesnt' specify any atribute must be a SET OF of >> length 0. >> >> In DER encoding you've sent this SET OF is not present and then is not a >> correct PKCS#10 >> ------ >> >> It seems like "attributes" field is missing? >> >> >> Our components are: >> RHEL6 + Oracle JDK7 + JBOSS 7.1.1 + Signserver 3.5.0 and nCipher netHSM using PKCS11 library >> >> Best regards >> > > > -- Kind regards, Markus Kilås PKI Specialist PrimeKey Solutions AB Anderstorpsv. 16 171 54 Solna Sweden Phone: +46 70 424 94 85 Skype: markusatskype Email: mar...@pr... www.primekey.se |
