Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, October 29, 2010 4:47 PM
HI,
I am using a Windows 2008 server, SP2 with the latest updates on. I am trying to use a .csr file that I have created on a 3rd party (Nextplane) system to create a certificate however when I try I get the error
Your Request Id is 0. The disposition message is "Error Parsing Request The request subject name is invalid or too long. 0x80094001 (-2146877439)"
I have tried both the "Submit new request" against the server in the CA snapin in MMC and also the method of using a "Router offline request template as suggested in this
I have checked the csr file using a online csr decoder and it looks OK as far as I can tell (this is a test setup on a private network so I'm not worried about the risk of using a online decoder). The decoder shows the 'Subject' line as having 78 characters, including spaces etc. As the server and domain names aren't excessive I don't think that this is unusually long.
Is this likely to be the length of the subject line causing the problem or is the problem something else and the subject length just a red herring?
Thanks in advance for any suggestions
Neil
All replies (5)
Monday, November 1, 2010 4:25 PM âś…Answered | 10 votes
Here is your problem:
Subject:
CN=nextplane-svr.ocs.network-box.info
OU=ocs
O=network-box.info
C=info
'Country' DN suffix supports only 2-character country codes, such: LV, US, GB, FR, IT, RU and so on. For more details see:
Friday, October 29, 2010 4:58 PM
can you show the output of the command:
certutil -dump <file.req>
I'm interesting in Subject and Extensions fields.
Monday, November 1, 2010 3:10 PM
As requested dump is below. The certificate server is in the same domain (ocs.network-box.info) as the server I am requesting a certificate for.
Thanks
Neil
PKCS10 Certificate Request:
Version: 1
Subject:
CN=nextplane-svr.ocs.network-box.info
OU=ocs
O=network-box.info
C=info
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
Algorithm Parameters:
05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
0000 30 81 89 02 81 81 00 8e b4 8f 45 34 f7 5b b5 af
0010 b8 3b f9 98 89 d8 c5 ac 78 89 83 f6 5e da 14 44
0020 e9 97 55 c5 e7 64 57 a9 c1 84 9b fd 79 2f 74 7e
0030 22 2f a2 0e 2a ba 53 98 bc 5d c7 58 68 2e d9 44
0040 2b 3a 0a b4 1d af ef 40 a4 b6 c1 cb 8e 0e df 23
0050 18 31 7d 08 c5 fb a3 79 7a 52 eb dd 61 03 c4 ce
0060 c0 4c 96 a3 88 01 47 16 a5 08 d2 98 55 6d 9d 12
0070 db f7 5f d9 8c ae fd 8d 45 38 ba cf 79 71 24 03
0080 b5 7b 2b 5d 39 0c e1 02 03 01 00 01
Request Attributes: 0
0 attributes:
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Signature: UnusedBits=0
0000 7e d7 3a 73 37 63 4f 14 9a cf 15 a7 c8 78 57 e4
0010 49 a5 64 f2 70 61 bc 00 8c 2e 55 80 0a c4 60 af
0020 2f f0 ce fc c0 b7 dd be 4b f5 80 9a b3 ab b0 ca
0030 98 da 2b c1 a1 a3 eb 06 7d 03 cc e0 94 fe 14 08
0040 c7 c2 93 79 10 12 a9 31 8a e7 53 2b 8f 2b c2 a4
0050 96 cd 26 b6 31 9c 4b 53 2c 9b ba 2c 21 d4 b9 27
0060 31 bf 26 76 69 6d 91 74 f0 eb 95 98 f8 ef ec bd
0070 e7 e5 ba 9c 68 8e e8 5d c1 af b8 8f f6 59 6d 54
Signature matches Public Key
Key Id Hash(rfc-sha1): 6a 35 88 17 e4 43 87 50 21 da 73 8f 6b b5 c9 f2 57 47 ba af
Key Id Hash(sha1): 27 3d 8c 60 e4 83 eb ef 62 c6 26 c6 e3 d4 ca e5 bb ed b0 f7
CertUtil: -dump command completed successfully.
Saturday, January 7, 2012 2:38 AM | 1 vote
very thanks
Wednesday, January 18, 2017 2:43 PM
thx - was using USA
Dale Unroe