I am trying to submit a CSR request in the following way:

require 'openssl' require 'json' def public_key_info key_info = private_key.public_key.to_pem key_info = key_info.sub! '-----BEGIN PUBLIC KEY-----', '-----BEGIN CERTIFICATE REQUEST-----' key_info = key_info.sub! '-----END PUBLIC KEY-----', '-----END CERTIFICATE REQUEST-----' key_info end # "Creating a new 2048bit RSA Keypair..." def private_key @private_key = OpenSSL::PKey::RSA.new 2048 end payload = { "CsrData" => public_key_info, "certTemplate" => "MyTemplate" } encoded = JSON.generate(payload) p "Payload is #{encoded}" response = RestClient::Resource.new( ' ).post encoded, :content_type => 'application/json', :accept => 'text/plain' response_json = JSON.parse(response.body) p response_json 

The request failed with the error The submission failed: Error Parsing Request. ASN1 bad tag value met. 0x8009310b (ASN: 267 CRYPT_E_ASN1_BADTAG):

{ "certTemplate":"MyTemplate", "CsrData":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWeK196VcjZZFbKyEjpj\n8I6DjHbwiMi9I10tV41OEt9Ozp+M0V6TYOKNlJTXGxNUHD0lXFJBlS2z/PLQbW/3\n6C9xRkIclve5Uq8J2NmubnR9+NOt/cjPb4EJtMlxySq5cWOqEyq4UirUEfch9HMC\nkLwJ0MPdrDatZqfIv1IvhBiKfyqWV2jds3X60NlmvyGxnrd54dO8/OqNJNmw2BP9\n3aa21asRqB7oPW2H49o2gwDxF6ZEwymAFvU4jvO+BQLRDYTm8GslHyX9kCXWnYHg\nX7gqvek/mu7KqyIB44YyOjGYkVX76El32B08ruKlc+xZ8kFWC1bMzwZNoFEBKO6D\n9QIDAQAB\n-----END CERTIFICATE REQUEST-----" } {"ErrorCode"=>1005, "ErrorMessage"=>"The submission failed: Error Parsing Request ASN1 bad tag value met. 0x8009310b (ASN: 267 CRYPT_E_ASN1_BADTAG)", "Return"=>false, "p12Data"=>nil, "certexpdate"=>nil, "serialNo"=>nil} => true 

But if I create the CSR request from the command line:

openssl req -out mytest.csr -new -newkey rsa:2048 -nodes -keyout mytest.key

Then converted the CSR so replace new line with \n string.

Then prepare a Json payload:

{ "certTemplate":"MyTemplate", "CsrData":"-----BEGIN CERTIFICATE REQUEST-----\nMIIC8zCCAdsCAQAwgZUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNRDEWMBQGA1UE\nBwwNU2lsdmVyIFNwcmluZzELMAkGA1UECgwCRVMxCzAJBgNVBAsMAk1MMSAwHgYD\nVQQDDBcgbXNjbGllbnQ1MS5zYW10ZXN0LmNvbTElMCMGCSqGSIb3DQEJARYWbXNj\nbGllbnQ1MUBzYW10ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAL+X4YJ041JDVfYZr2IXHEAsBc9cbtYxuLa4FkXz+enZYj+9J4qK7zl9OJ7P\nfW29jf82oyQ83RH6XrYcFJKO9cuXgkkQaNV8X6J7sbn87hHUn8xZ1SORd+OPV/ws\nHdOuuv/kQi0S1Rz9Qn7RJiEnQqC14bp50fjJDxxYBVcU/bevlMuFzf8pKQbNfWD5\nbpHHPKpN6uKAXQa2vCqRPAHMvlxCqVHf1Lmy6xojsHGDdqYcYgwG2JB140nOpKtA\nwO9jR5wF7HmqUs/u/fV+p86IaHt6rAxo8WX0Ymu+48DanMdlBqjQ222OthnTbgmD\nbW9j16kNesriu8APSpxW6f7InhsCAwEAAaAYMBYGCSqGSIb3DQEJAjEJDAdNTF9U\nVjJHMA0GCSqGSIb3DQEBCwUAA4IBAQCOxISJbXXQqFmHTwcIP+jaYM1souuptE5l\nhrG/5T1Irz357DABfQpaZkon8dIF8QRpjCY2+b44srGtbKBbnUDAgM5e+qqZjx6X\ng7Yp7LLVW9EplvMYT83M62K9UyNFqjizgXbNIxJRsApLutLBpTpB3vIpQcZYhygf\nfJx/zmN3rD3K47SdaDd9JyD7W3tnAQ1rHEG1uS+Pm9Cq5+Wi8k+nEeGHtQnY5eps\nYqA/g86m4VR5RP0+oTvq3FC57PFqrbv+lwD9brCzjAK/c/QcyBnoxnMNbFVzwhcf\nKAF82Vl9kvwOwyD8sPN19V9ldmZpMhQ/2hsuHxRLAnlwHYhqfl/9\n-----END CERTIFICATE REQUEST-----" } 

the above CSR request works fine.

What am I doing wrong with the ruby code above?

1

1 Answer

That's because CSR request is not your public key in pem format. CSR has different ASN1 notation compared to public key. That's why you are getting ASN1 related error.

You can see this gist on how to create CSR using Ruby wrapper for OpenSSL. As you can see, you'd need to specify your distinguished names as well.

def csr(key) options = { :country => 'PL', :state => 'M', :city => 'Cracow', :organization => 'OSPL', :department => '', :common_name => 'OSPL', :email => '' } request = OpenSSL::X509::Request.new request.version = 0 request.subject = OpenSSL::X509::Name.new([ ['C', options[:country], OpenSSL::ASN1::PRINTABLESTRING], ['ST', options[:state], OpenSSL::ASN1::PRINTABLESTRING], ['L', options[:city], OpenSSL::ASN1::PRINTABLESTRING], ['O', options[:organization], OpenSSL::ASN1::UTF8STRING], ['OU', options[:department], OpenSSL::ASN1::UTF8STRING], ['CN', options[:common_name], OpenSSL::ASN1::UTF8STRING], ['emailAddress', options[:email], OpenSSL::ASN1::UTF8STRING] ]) request.public_key = key.public_key request.sign(key, OpenSSL::Digest::SHA1.new) end 
4

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge that you have read and understand our privacy policy and code of conduct.