CSR failing: Error Parsing Request ASN1 bad tag value met (ASN: 267 CRYPT_E_ASN1_BADTAG)

Question

CSR failing: Error Parsing Request ASN1 bad tag value met (ASN: 267 CRYPT_E_ASN1_BADTAG)

I am trying to submit a CSR request in the following way:

require 'openssl'
require 'json'

def public_key_info
  key_info = private_key.public_key.to_pem
  key_info = key_info.sub! '-----BEGIN PUBLIC KEY-----', '-----BEGIN CERTIFICATE REQUEST-----'
  key_info = key_info.sub! '-----END PUBLIC KEY-----', '-----END CERTIFICATE REQUEST-----'
  key_info
end

# "Creating a new 2048bit RSA Keypair..."
def private_key
  @private_key = OpenSSL::PKey::RSA.new 2048
end

payload = { 
  "CsrData" => public_key_info,
  "certTemplate" => "MyTemplate"
}

encoded = JSON.generate(payload)    
p "Payload is #{encoded}"

response = RestClient::Resource.new(
  'http://myURL/GenerateCertificateUsingCsr',
).post encoded, :content_type => 'application/json', :accept => 'text/plain'

response_json = JSON.parse(response.body)
p response_json

The request failed with the error The submission failed: Error Parsing Request. ASN1 bad tag value met. 0x8009310b (ASN: 267 CRYPT_E_ASN1_BADTAG):

{
    "certTemplate":"MyTemplate",
    "CsrData":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWeK196VcjZZFbKyEjpj\n8I6DjHbwiMi9I10tV41OEt9Ozp+M0V6TYOKNlJTXGxNUHD0lXFJBlS2z/PLQbW/3\n6C9xRkIclve5Uq8J2NmubnR9+NOt/cjPb4EJtMlxySq5cWOqEyq4UirUEfch9HMC\nkLwJ0MPdrDatZqfIv1IvhBiKfyqWV2jds3X60NlmvyGxnrd54dO8/OqNJNmw2BP9\n3aa21asRqB7oPW2H49o2gwDxF6ZEwymAFvU4jvO+BQLRDYTm8GslHyX9kCXWnYHg\nX7gqvek/mu7KqyIB44YyOjGYkVX76El32B08ruKlc+xZ8kFWC1bMzwZNoFEBKO6D\n9QIDAQAB\n-----END CERTIFICATE REQUEST-----"
}

{"ErrorCode"=>1005, "ErrorMessage"=>"The submission failed: Error Parsing Request  ASN1 bad tag value met. 0x8009310b (ASN: 267 CRYPT_E_ASN1_BADTAG)", "Return"=>false, "p12Data"=>nil, "certexpdate"=>nil, "serialNo"=>nil}
=> true

But if I create the CSR request from the command line:

openssl req -out mytest.csr -new -newkey rsa:2048 -nodes -keyout mytest.key

Then converted the CSR so replace new line with \n string.

Then prepare a Json payload:

{
  "certTemplate":"MyTemplate",
  "CsrData":"-----BEGIN CERTIFICATE REQUEST-----\nMIIC8zCCAdsCAQAwgZUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNRDEWMBQGA1UE\nBwwNU2lsdmVyIFNwcmluZzELMAkGA1UECgwCRVMxCzAJBgNVBAsMAk1MMSAwHgYD\nVQQDDBcgbXNjbGllbnQ1MS5zYW10ZXN0LmNvbTElMCMGCSqGSIb3DQEJARYWbXNj\nbGllbnQ1MUBzYW10ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAL+X4YJ041JDVfYZr2IXHEAsBc9cbtYxuLa4FkXz+enZYj+9J4qK7zl9OJ7P\nfW29jf82oyQ83RH6XrYcFJKO9cuXgkkQaNV8X6J7sbn87hHUn8xZ1SORd+OPV/ws\nHdOuuv/kQi0S1Rz9Qn7RJiEnQqC14bp50fjJDxxYBVcU/bevlMuFzf8pKQbNfWD5\nbpHHPKpN6uKAXQa2vCqRPAHMvlxCqVHf1Lmy6xojsHGDdqYcYgwG2JB140nOpKtA\nwO9jR5wF7HmqUs/u/fV+p86IaHt6rAxo8WX0Ymu+48DanMdlBqjQ222OthnTbgmD\nbW9j16kNesriu8APSpxW6f7InhsCAwEAAaAYMBYGCSqGSIb3DQEJAjEJDAdNTF9U\nVjJHMA0GCSqGSIb3DQEBCwUAA4IBAQCOxISJbXXQqFmHTwcIP+jaYM1souuptE5l\nhrG/5T1Irz357DABfQpaZkon8dIF8QRpjCY2+b44srGtbKBbnUDAgM5e+qqZjx6X\ng7Yp7LLVW9EplvMYT83M62K9UyNFqjizgXbNIxJRsApLutLBpTpB3vIpQcZYhygf\nfJx/zmN3rD3K47SdaDd9JyD7W3tnAQ1rHEG1uS+Pm9Cq5+Wi8k+nEeGHtQnY5eps\nYqA/g86m4VR5RP0+oTvq3FC57PFqrbv+lwD9brCzjAK/c/QcyBnoxnMNbFVzwhcf\nKAF82Vl9kvwOwyD8sPN19V9ldmZpMhQ/2hsuHxRLAnlwHYhqfl/9\n-----END CERTIFICATE REQUEST-----"
}

the above CSR request works fine.

What am I doing wrong with the ruby code above?

ruby-on-rails

ruby

ruby-on-rails-3

openssl

rsa

asked on Stack Overflow Jun 16, 2016 by

Micheal • edited Jun 17, 2016 by

Micheal

1 Answer

That's because CSR request is not your public key in pem format. CSR has different ASN1 notation compared to public key. That's why you are getting ASN1 related error.

You can see this gist on how to create CSR using Ruby wrapper for OpenSSL. As you can see, you'd need to specify your distinguished names as well.

def csr(key)
  options = { 
    :country      => 'PL',
    :state        => 'M',
    :city         => 'Cracow',
    :organization => 'OSPL',
    :department   => '', 
    :common_name  => 'OSPL',
    :email        => ''
  }

  request = OpenSSL::X509::Request.new
  request.version = 0 
  request.subject = OpenSSL::X509::Name.new([
    ['C',             options[:country], OpenSSL::ASN1::PRINTABLESTRING],
    ['ST',            options[:state],        OpenSSL::ASN1::PRINTABLESTRING],
    ['L',             options[:city],         OpenSSL::ASN1::PRINTABLESTRING],
    ['O',             options[:organization], OpenSSL::ASN1::UTF8STRING],
    ['OU',            options[:department],   OpenSSL::ASN1::UTF8STRING],
    ['CN',            options[:common_name],  OpenSSL::ASN1::UTF8STRING],
    ['emailAddress',  options[:email],        OpenSSL::ASN1::UTF8STRING]
  ])
  request.public_key = key.public_key
  request.sign(key, OpenSSL::Digest::SHA1.new)
end

answered on Stack Overflow Jun 22, 2016 by

Uzbekjon

User contributions licensed under CC BY-SA 3.0