asn1parse and underscores
If you are building a CSR that includes the oid for a Microsoft Certificate Services template name, and that name includes an underscore, you might get an error when building a csr.
Error checking request extension section req_ext 00CCADFE01000000:error:0680007C:asn1 encoding routines:ASN1_mbstring_ncopy:illegal characters:crypto/asn1/a_mbstr.c:113: 00CCADFE01000000:error:0688000D:asn1 encoding routines:asn1_str2type:ASN1 lib:crypto/asn1/asn1_gen.c:681:string=ABC_NAME_TESTING 00CCADFE01000000:error:11000074:X509 V3 routines:v3_generic_extension:extension value error:crypto/x509/v3_conf.c:260:value=PRINTABLESTRING:ABC_NAME_TESTING
So what you can do is switch your openssl.cnf to use a different data type: UTF8STRING.
oid_section = new_oids [ new_oids ] certificateTemplateName = 1.3.6.1.4.1.311.20.2 [ req_ext ] certificateTemplateName = ASN1:UTF8STRING:ABC_NAME_TESTING
Comments