Signature did not match the certificate request

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Signature did not match the certificate request

Rahul Tolani
Hi !!

I'm signing a CSR that is generated by Windows Phone.
But in that CSR I have a null character in the subject property.

After changing the subject property and trying to sign the CSR i get an error message
"Signature did not match the certificate request"

How to get through this ??

Here is what i want to modify in CSR.

Actual Subject Property =>
subject=/CN=B1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\x00

Required Subject Property =>
subject=/CN=B1C43CD0-1624-5FBB-8E54-34CF17DFD3A1

i tried using -subj arg
the values chages successfully.

bt when i try to verify the changed CSR it gives verification failure.

Please help me out !!

______________________________
Thanks,
Rahul
Reply | Threaded
Open this post in threaded view
|

Re: Signature did not match the certificate request

Walter H.
On 08.10.2013 15:00, Rahul Tolani wrote:
> Actual Subject Property =>
> subject=/CN=B1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\x00
this is just a bug - the \x00 looks like the terminating \0 ...

> Required Subject Property =>
> subject=/CN=B1C43CD0-1624-5FBB-8E54-34CF17DFD3A1
Greetings,
Walter
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Signature did not match the certificate request

Viktor Dukhovni
In reply to this post by Rahul Tolani
On Tue, Oct 08, 2013 at 06:00:39AM -0700, Rahul Tolani wrote:

> I'm signing a CSR that is generated by Windows Phone.
> But in that CSR I have a null character in the subject property.

You're not signing the CSR, the phone did that, which is why you
can't modify it.  You're trying to issue a signed certificate
with a public key and subject matching the CSR, but in this case,
with a minor change in the subject name.

The "-subj" argument of the openssl "ca" command is documented
to supercede the supplied subject name.  That should work with
the unmodified CSR.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]