Problem Generating a certificate request

Similar Messages

• How to generate a certificate request with more than one OU?

  We're using Sun Java System Web Server 6.1 SP4. The Corp. has it's own CA and organize their certificates in a hierarchical rule with more then one organization unit (OU) in a chain.
  So what we need is generate a certificate requeste with more than one OU, but the Web Server wizard has only one text field for it. We've already tried to fill in this field the complete chain of OUs like "ou=orgX, ou=deptY, ou=secZ" and didn't work either.
  Thank's in advance,
  Jeff!

  Do you have tried with the command line "certutil" ?
  #<SERVER-ROOT>/bin/https/admin/bin/certutil

• Generate a certificate request with API (CSR, PKCS#10)

  Hi everybody,
  I want to request for a certificate using a PKCS10 File.
  I generate this file with this code :
  package test;
  import sun.security.pkcs.*;
  import sun.security.x509.*;
  import java.security.*;
  import cryptage2.RSACryptor;
  import org.bouncycastle.jce.provider.BouncyCastleProvider;
  import com.sun.crypto.provider.SunJCE;
  import java.io.*;
  public class TestPKCS10
  public static void main(String argv[]){
            try{
       // provider
                 SunJCE jce = new SunJCE();
  Security.addProvider(new BouncyCastleProvider());
  Security.addProvider(jce);
                 // generate KeyPair
       KeyPair pair = RSACryptor.generateKeyPair();
       // get Instance of signature with MD5 algorithm
       Signature dsa = Signature.getInstance("MD5withRSA");
                 // get Private Key
                 PrivateKey priv = pair.getPrivate();
            // init Signature with private Key
                 dsa.initSign(priv);
       // sign
  byte[] sig = dsa.sign();
                 // info for X509 are in X500Name Object
                 X500Name x500name = new X500Name(
  "Nicolas LEFEUVRE","IN","InTech","Schifflange","Luxembourg","Luxembourg");
                 // signer : bind Signature and X500Name
                 X500Signer signer = new X500Signer(dsa,x500name);
                 // get public Key
                 PublicKey publicKey = pair.getPublic();
                 // create PKCS10 with public key
                 PKCS10 pk = new PKCS10(publicKey);
                 // sign and encode the PKCS10
                 pk.encodeAndSign(signer);
                 // save in file PKCS10_2
  PrintStream out =
  new PrintStream(new FileOutputStream("c:/temp/pkcs10_2"));
  catch(Exception e){e.printStackTrace();}
  The PKCS10 look like this :
  -----BEGIN NEW CERTIFICATE REQUEST-----
  MIIBuTCCASICAQAweTETMBEGA1UEBhMKTHV4ZW1ib3VyZzETMBEGA1UECBMKTHV4ZW1ib3VyZzEUMBIGA1UEBxMLU2NoaWZmbGFuZ2UxDzANBgNVBAoTBkluVGVjaDELMAkGA1UECxMCSU4xGTAXBgNVBAMTEE5pY29sYXMgTEVGRVVWUkUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMzTrStPIyUyygFTU5p6QjGyLfAXncUvwA/i+sK2wY1S6EFYGGd7luGXI3NekVvEEzwIZ+eQ+STB7J7XVik8REubJl6gXlZTcrOdVzg6JJtHwbDoTpZnB09hGGZUzdyKsnGVIwZ4Un54Z44BZBm5qeOqYMKLK50YCC6ACqdfu/rpAgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQBViesKVPfgkGSB2MYIln6yWPGmOjbLsdGdzSr/EWbtIAuT75ROZpeKKHzpfuHDC1xpbs0iZYvRACujyqeqRHIzomHu6NW7v2+B5CkoP5YsxXswr25fBMRawRckqnzMuZz79G1bi3CtQbh+MbdwvDvvs7DucPgsI7Cn8Fbg214C9Q==
  -----END NEW CERTIFICATE REQUEST-----
  I use Microsoft Certificate Server (a service of Microsoft NT2000 server) to generate certificate, I have this message :
  �The request subject name is invalid or too long. 0x80094001 (-2146877439)C�
  Any idea ?

  Nicolas, i'm not sure but can you try it anyway?
  replace Nicolas LEFEUVRE
  with Nicolas_LEFEUVRE
  There is something about blanks in the Common Name
  I'm not sure how or what, but just give it a try!

• Problem generating SSL certificate

  I'm trying to generate a CSR from oracle wallet 10g R2 for a wildcard SSL account with network solutions. Wallet gives an error when I use *.mydomain.com for the common name, yet netsol requires this format to register the certificate. Any ideas on how to workaround this issue.

  Hi,
  I'm having the same problem... Did you have any luck solving this issue?
  Derek

• How to generate CSR (certificate signing request) in PKCS#10 format

  Hi,
  First, I am a novice in security issues.
  Problem:
  I know how to generate CSR using PKCS#10 format with keytool. However I need to implement this functionality in my application. Unfortunately I can't find any docs describing this issue.
  Do anybody know about some API where I just pass data and it will generate CSR for me?
  Many Thanks,
  Miso

  Hi again,
  After a long research I am finally able to generate PKCS#10 cert. request files:
  public static void generatePKCS10() throws Exception {
          // generate PKCS10 certificate request
          KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
          String sigAlg = "MD5WithRSA";
          // generate private key - use java.util.SecureRandom for entropy
          keyGen.initialize(1024, new SecureRandom());
          KeyPair keypair = keyGen.generateKeyPair();
          PublicKey publicKey = keypair.getPublic();
          PrivateKey privateKey = keypair.getPrivate();
          PKCS10 pkcs10 = new PKCS10(publicKey);
          Signature signature = Signature.getInstance(sigAlg);
          signature.initSign(privateKey);
               //common, orgUnit, org, locality, state, country
          X500Name x500Name = new X500Name(
                    "CName",               // CN
                    "OUnit",               // OU
                    "Organization",          // O
                    "Bratislava",          // L
                    "Slovakia",               // S
                    "SK");               // C
          pkcs10.encodeAndSign(new X500Signer(signature, x500Name));
          // PKCS10 request generated
          pkcs10.print(System.out);
  Problem 1:
  However, this generates only a request with X500 subject's name ("CN, OU, O, ..."). But I also want to specify other things like "Key Usage" (example: "Digital Signature, Key Encipherment, etc.") or "Generic IA5 String" (example: "Only for test purposes."). How to do that?
  Problem 2:
  I'm also having trouble to find javadoc for "sun.security" package. As you can see, I'm using "sun.security.pkcs.PKCS10" class for generating CSR in PKCS10 format, but can't find any javadoc for it.
  Many thanks,
  Miso

• Messaging Server: Problem Adding SSL Certificate

  We have a problem importing a CA certificate into Messaging Server 7 on Solaris 10 x86.
  Platform
  uname -a
  SunOS mail1 5.10 Generic_138889-03 i86pc i386 i86pcMessaging Server Version
  imsimta version
  Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec  9 2008)
  libimta.so 7.0-3.01 64bit (built 09:24:13, Dec  9 2008)We have created a certificate database and generated a certificate request, as follows:
  msgcert generate-certDB
  msgcert request-cert --name mail.domain.xxx  --org "University of XXX" --org-unit ITS --city XXX  --state "XXX" --country GB -F ascii -o /tmp/ssl.csrHowever, when we come to import the CA-supplied certificate we get the following error.
  msgcert add-cert Server-Cert /tmp/mail1.crt
  Enter the certificate database password:
  Unable to find private key for this certificate.
  Failed to add the certificate.I'm confused. What does the msgcert request-cert command use as a private key when generating the certificate request? Should I have used openssl to generate the certificate request with a known private key?
  Thanks
  Alan

  I solved the problem by converting certificate to pkcs#12 format and importing it.
  openssl pkcs12 -export -in cert.pem -inkey private.key -out cert.pkcs12 -name Server-Cert
  /opt/sun/comms/messaging64/bin/msgcert add-cert Server-Cert cert.pkcs12Alan

• Certificate request not working with web server v2 template on windows 2012 R2

  I have tried to generate a certificate request on my domain joined Windows 2012 R2. I have tried both online and offline requests. I am using the web server v2 template.
  Both Method fails with error message that the cryptographic algorithm is unknown. I am using these settings apart from the template:
  This is the error Message in online request:
  The error Message in the offline request is somewhat similar.
  An event error is also appearing in the application log:
  The CSPs from the template:
  I am wondering if a cryptographic service provider or several of them are missing? They are installed With Windows update are they not? The strange thing is that this supposedly have worked before with another user. Could it be that I do not have the
  correct permissions to request a certificate with this template, or has something happened with the server? 

  Hey dag 
  Thanks for posting ,
  If You try duplicate the web template for using it in version 4 - can You see any difference? 
  Also check the link below for certificate templates versions:
  http://social.technet.microsoft.com/wiki/contents/articles/13303.windows-server-2012-certificate-template-versions-and-options.aspx#Version_4_Certificate_Templates
  In previous operating system versions the configuration of CSPs and KSPs were on different tabs in the certificate properties. For version 2 certificate templates, CSPs were configured on the Request Handling tab. For version 3 certificate templates,
  KSPs were configured on the Cryptography tab. Starting in Windows Server 2012, the configuration of the providers is consolidated on the Cryptography tab. To learn more about the cryptographic provider options present in previous operating systems
  Notice later.
  I'd be glad to answer any question

• Generate a Certificate Signing Request

  Hey guys, I'm new to the Safari developer program and I'm having problems with the Generate a Certificate Signing Request for my PC. It worked fine on my Mac but not on my windows 7 PC. I follow the steps, saving the file then opening "CMD.exe" and type in the request and place "" with  the path of the file saved in step one but once I hit enter it gives me a

  Requires a Mac and your keychain.

• Can't run wallet manager to generate certificate request

  Hi!
  I'm having some trouble running the wallet manager to generate a security certificate on a live application server box.
  No matter what I do from the GUI I can't set the display variable correctly. I have tried EVERYTHING. It won't be set. And I can't restart or turn off the box as its a production machine and it's currently heavily in use.
  If I try to use mkwallet logged in as oracle I just get 2 "Failed to create a certificate request" messages after:
  1. running:
  mkwallet -e pwd wrl
  to generate an empty wallet
  and 2. running:
  mkwallet -r pwd wrl CN=domain.com, O=Business Name, L=Suburb, ST=State, C=AU 1024 certReqLoc
  and if I try to run mkwallet as root I just get:
  error while loading shared libraries: libclntsh.so.10.1: cannot open shared object file: No such file or directory
  Advice greatly appreciated!!

  You must repeatedly tap the F11 key at boot to get to the recovery manager.
  Did you make recovery disks when you got the computer?
  If not you may order them.  If you live in the USA/Canada, call this number...  1-800-334-5144.
  If you do not live in the USA/Canada, call the HP business PC support number for the country you live in.
  http://h50146.www5.hp.com/lib/doc/manual/desktop/b​usiness_desktops/6005us_332630_007.pdf
  Please mark my post as SOLVED if it has resolved your problem. It helps others with similar situations.

• WLS70 SSL encrypted keys and Certificate Request Generator

  Hi,
  we are trying to certificate our WLS 7.0. We use the Certificate Request Generator
  webapp for generating the request. The generator forces the user to give in a
  private key password. But in the server's SSL config tab the field "Use encrypted
  Keys" is fixed to "false" (in WLS 6.1 this field is a checkbox). Is this a bug
  in WLS7.0?

  Hi Alain,
  thanks for your workaround. We will check it out ... although I've been instructed
  on the BEA admin trainee to never change config.xml manually :)
  "Alain Hsiung" <[email protected]> wrote:
  Hi Joern
  consider it a bug or not, you can go to the file config.xml and edit
  the
  XML attribute "KeyEncrypted" of the XML element "SSL" to "true".
  Hope this helps.
  Regards
  Alain Hsiung, Ideartis Inc.
  "Joern Wohlrab" <[email protected]> wrote in message
  news:[email protected]..
  Hi,
  we are trying to certificate our WLS 7.0. We use the Certificate RequestGenerator
  webapp for generating the request. The generator forces the user togive
  in a
  private key password. But in the server's SSL config tab the field"Use
  encrypted
  Keys" is fixed to "false" (in WLS 6.1 this field is a checkbox). Isthis a
  bug
  in WLS7.0?

• Problem with Generate a certificate and Key

  I have a Cisco S370 and generated a certificate Key to block HTTPS pages.
  I require a CA signs the certificate generated by the Cisco S370, but the CA returns me an error and asks the key is changed to 2048, but I have no option to do this in the GUI, look in the CLI but can not find any option to change the HTTPS certificate key 2048
  You can change the certificate that was generated by the WSA S370 to 2048

  In addtition to Kush's response, we had a similar thread in the past. Please refer to:
  https://supportforums.cisco.com/message/3900340?referring_site=bss&channel=bdp#3900340
  Also, please note it would be advisable to refer to this Feature Request using Cisco Bug ID CSCzv70884 instead of
  86121.
  You can search for Bug IDs using Cisco Bug Search Tool :
  https://tools.cisco.com/bugsearch/
  From this tool, you can not only obtain info about the bug but also open TAC cases and Save the bug so you can get updates.
  Regards,
  -Valter

• How to generate a PKCS#10 certificate request

  Hi:
  does OWM generates certificate requests in PKCS#10 format?
  TIA

  Do you have tried with the command line "certutil" ?
  #<SERVER-ROOT>/bin/https/admin/bin/certutil

• Error generating certificate request in JES DSEE 6.0

  If I try to generate a CA signed certificate request through the DSCC interface, I get an error message that the given subject "CN=...,O=..." is improperly formatted.
  I get the same error while performing this operation through command line.
  Any kind of help on what could be the reason for the same, is highly appreciated.
  Thanks
  Prabhjeet

  Well the fact that both tools are issuing the same error is an indication that there is really an improper format in the Subject DN. Without the complete value, it is hard to explain the reason.
  Do the CN and O values only contain Ascii characters or UTF-8 encoded characters ?
  Regards,
  Ludovic.

• How to generate PKCS#10 ECDSA Certificate Requests?

  Hi all,
  Can any body please let me know how can I create ECDSA/RSA/DSA PKCS#10 certificate requests in Java using non-SUN providers?
  I've looked at the Java API docs and couldn't find any class for this purpose. Is there any open-source Classes/Tools which can be used?
  I've tried keytool with my provider which supports RSA and ECDSA, it works with RSA but not ECDSA.
  I'd appreciate your help.
  Joe

  Hi all,
  Can any body please let me know how can I create ECDSA/RSA/DSA PKCS#10 certificate requests in Java using non-SUN providers?
  I've looked at the Java API docs and couldn't find any class for this purpose. Is there any open-source Classes/Tools which can be used?
  I've tried keytool with my provider which supports RSA and ECDSA, it works with RSA but not ECDSA.
  I'd appreciate your help.
  Joe

• 1921 ISR certificate request not valid

  I'm trying to perform a certificate request on a 1921 router.  I've followed the wizard using Cisco Configuration Professional several times.  First I created a 2048 RSA key pair, then used the "Cut-and-Paste" wizard in CCP to generate the CSR using that keypair.  When pasting the text into Godaddy's CSR window, Godaddy responds with "Invalid CSR submitted. Please re-create your CSR and submit your request again".  Done this numerous times tweaking this and that with no success.
  I've tried adding the  "-----BEGIN CERTIFICATE REQUEST-----" and "-----END CERTIFICATE REQUEST-----" but that has not changed the behavior.
  Anyone seen this before?  I've Googled it to death and can't find a solution.

  Hi.  Yes, it's for an SSL cert.  Just moments ago I got it to work, but only after running the CSR through one of the online decrypters.  I was trying to make sure the encoded information was valid.  One of the decrypters automatically reformatted the text, and added the header and footer lines I mentioned above.  Only after copying THIS text and pasting into the GoDaddy window was the CSR valid.  Very weird.  I attempted this process no less than 25 times and was about to tear my hair out.
  I can't say what the problem was but some for of reformatting the CSR output was required before GoDaddy would accept the CSR.
  The output that worked, and my output, look exactly the same.  Not just characters, but formatting, etc. including the header and footer lines.
  This should be a very repeatable issue.  Anyone with a router and a copy of CCP can see the issue.
  At any rate, problem is solved for now, but I can't say what the solution actually was.