Knowledge Base

Preserving for the future: Shell scripts, AoC, and more

asn1parse and underscores

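If you are building a CSR that includes the OID for a Microsoft Certificate Services template name, and that name contains an underscore, OpenSSL may fail with the error below when it builds the CSR. The value is declared as a PRINTABLESTRING, and the ASN.1 PrintableString character set does not include the underscore.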

Error checking request extension section req_ext
00CCADFE01000000:error:0680007C:asn1 encoding routines:ASN1_mbstring_ncopy:illegal characters:crypto/asn1/a_mbstr.c:113:
00CCADFE01000000:error:0688000D:asn1 encoding routines:asn1_str2type:ASN1 lib:crypto/asn1/asn1_gen.c:681:string=ABC_NAME_TESTING
00CCADFE01000000:error:11000074:X509 V3 routines:v3_generic_extension:extension value error:crypto/x509/v3_conf.c:260:value=PRINTABLESTRING:ABC_NAME_TESTING

The fix is to switch the value in your openssl.cnf to a different ASN.1 string type, UTF8STRING, which accepts the underscore:

oid_section = new_oids
[ new_oids ]
certificateTemplateName = 1.3.6.1.4.1.311.20.2
[ req_ext ]
certificateTemplateName = ASN1:UTF8STRING:ABC_NAME_TESTING
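
As an added example (not part of the original post), this Python pre-flight check reports which characters in a template name PrintableString cannot carry, picks the string type accordingly, and emits the matching req_ext line plus the DER bytes so the tag difference is visible. The function names are hypothetical and it assumes ASCII template names.

```python
import string

# Characters ASN.1 permits in a PrintableString (X.680). "_" is not among them.
PRINTABLE = frozenset(string.ascii_letters + string.digits + " '()+,-./:=?")


def illegal_printable_chars(value):
    """Return the distinct characters PrintableString rejects, in order seen."""
    bad = []
    for ch in value:
        if ch not in PRINTABLE and ch not in bad:
            bad.append(ch)
    return bad


def der_length(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_template_name(value):
    """Return (type keyword, DER bytes) for the extension value.

    PrintableString (tag 0x13) is used when every character is legal,
    UTF8String (tag 0x0C) otherwise. Non-ASCII input is refused because
    this example does not cover OpenSSL's input-format modifiers.
    """
    if not value or not value.isascii():
        raise ValueError("example handles non-empty ASCII names only")
    if illegal_printable_chars(value):
        tag, keyword = 0x0C, "UTF8STRING"
    else:
        tag, keyword = 0x13, "PRINTABLESTRING"
    data = value.encode("ascii")
    return keyword, bytes([tag]) + der_length(len(data)) + data


def req_ext_line(value, name="certificateTemplateName"):
    """Build the openssl.cnf line for the [ req_ext ] section."""
    keyword, _ = encode_template_name(value)
    return f"{name} = ASN1:{keyword}:{value}"


if __name__ == "__main__":
    for sample in ("ABC_NAME_TESTING", "WebServer"):  # constructed samples
        print(illegal_printable_chars(sample), req_ext_line(sample))
        print("  DER:", encode_template_name(sample)[1].hex())
```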
