EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Help with CSR problems

Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.
#3134
Posted: 06/13/2007 18:30:41
by Allen Drennan (Standard support level)
Joined: 05/29/2007
Posts: 11

The CSR we have been creating with SecureBlackBox is always rejected by GoDaddy. We discussed this issue with our contact at GoDaddy within their developer group and he said it was because it fails the OpenSSL CSR verification process. The output from the CSR is below. The CSR created by SecureBlackBox is at the bottom. What are we doing wrong?

C:\OpenSSL\bin>openssl req -verify -in c:\csr.txt -text
verify failure
572:error:04077064:rsa routines:RSA_verify:algorithm mismatch:.\crypto\rsa\rsa_sign.c:228:
572:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:.\crypto\asn1\a_verify.c:168:
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=US, ST=California, L=San Diego, O=WiredRed, OU=HQ, CN=*.wiredred.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b1:6e:05:fc:64:8e:fb:6f:90:dd:2d:67:75:c0:
38:19:e1:57:a0:4c:e4:34:50:49:18:55:e1:ae:2f:
f0:f4:ca:01:6e:5d:a5:a5:1d:63:91:57:45:61:4c:
39:7c:c8:a3:19:ec:e2:e0:a1:79:37:7f:3d:f6:65:
17:51:e7:74:05:4c:0b:3c:40:be:9f:f4:de:af:c1:
33:ea:f6:2b:23:1e:f0:81:7b:d5:92:be:d9:07:a2:
6f:68:bf:60:04:63:eb:42:65:49:4d:cf:3e:7f:56:
b9:fb:b3:f9:88:9b:7c:61:8e:88:30:02:5c:d7:87:
f5:d6:88:05:91:c0:92:ee:6f
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: md5WithRSAEncryption
6a:5b:51:57:70:58:c7:d4:3d:e2:b6:d6:3b:eb:96:ff:e4:8d:
50:4d:6f:8f:42:69:9f:ef:b6:6f:2b:cd:42:e2:70:07:b7:79:
75:bb:2c:53:02:94:c9:78:57:42:c4:ec:a6:b5:60:fb:56:e6:
b2:49:0f:be:69:e7:b6:ac:ba:d0:ce:4e:7f:c1:f2:9e:14:2b:
23:49:de:6a:34:d4:39:98:91:cb:b3:23:18:e0:6a:83:79:25:
07:52:7c:a2:f6:1b:12:7e:d2:9c:24:e4:b0:e2:80:d0:c6:81:
8d:a7:5b:df:06:e3:41:84:16:28:3d:cf:4c:3f:26:4b:56:35:
81:84

-----BEGIN CERTIFICATE REQUEST-----
MIIBrzCCARgCAQAwbzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
EjAQBgNVBAcTCVNhbiBEaWVnbzERMA8GA1UEChMIV2lyZWRSZWQxCzAJBgNVBAsT
AkhRMRcwFQYDVQQDEw4qLndpcmVkcmVkLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
jQAwgYkCgYEAsW4F/GSO+2+Q3S1ndcA4GeFXoEzkNFBJGFXhri/w9MoBbl2lpR1j
kVdFYUw5fMijGezi4KF5N3899mUXUed0BUwLPEC+n/Ter8Ez6vYrIx7wgXvVkr7Z
B6JvaL9gBGPrQmVJTc8+f1a5+7P5iJt8YY6IMAJc14f11ogFkcCS7m8CAwEAAaAA
MA0GCSqGSIb3DQEBBAUAA4GBAGpbUVdwWMfUPeK21jvrlv/kjVBNb49CaZ/vtm8r
zULicAe3eXW7LFMClMl4V0LE7Ka1YPtW5rJJD75p57asutDOTn/B8p4UKyNJ3mo0
1DmYkcuzIxjgaoN5JQdSfKL2GxJ+0pwk5LDigNDGgY2nW98G40GEFig9z0w/JktW
NYGE
-----END CERTIFICATE REQUEST-----
#3145
Posted: 06/14/2007 07:57:51
by Ken Ivanov (EldoS Corp.)

Thank you for your message. The issue you described really does exist. We are investigating it at the moment.

The problem is specific only to MD5 and SHA2-based signature algorithms. Please use SHA1-based algorithm (e.g. SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION) to generate valid CSRs. The fix will be included to the upcoming build update.
#3146
Posted: 06/14/2007 09:59:52
by Allen Drennan (Standard support level)
Joined: 05/29/2007
Posts: 11

Thanks for the quick reply. I look forward to the fix.
#5303
Posted: 03/06/2008 11:05:02
by Jayanthi Rajoo (Standard support level)
Joined: 05/29/2007
Posts: 16

SecureBlackbox can verify CSR information?
#5304
Posted: 03/06/2008 11:35:55
by Eugene Mayevski (EldoS Corp.)

yes.


Sincerely yours
Eugene Mayevski
#5305
Posted: 03/07/2008 01:00:21
by Jayanthi Rajoo (Standard support level)
Joined: 05/29/2007
Posts: 16

How to verify and display the Subject information? Thanks.

For example: C=US, ST=California, L=San Diego, O=WiredRed, OU=HQ, CN=*.wiredred.com
#5306
Posted: 03/07/2008 01:19:36
by Ken Ivanov (EldoS Corp.)

Signature validation can be performed using TElCertificateRequest.ValidateSignature() method. Subject information can be accessed via the Subject property.
#5307
Posted: 03/07/2008 02:02:38
by Eugene Mayevski (EldoS Corp.)

This information is available in the How-To


Sincerely yours
Eugene Mayevski
#5323
Posted: 03/09/2008 04:27:25
by Jayanthi Rajoo (Standard support level)
Joined: 05/29/2007
Posts: 16

If signature is successfully validated, only return True.
Can display the Subject information?
For example: C=US, ST=California, L=San Diego, O=WiredRed, OU=HQ, CN=*.wiredred.com

Thanks.
#5324
Posted: 03/09/2008 06:14:32
by Eugene Mayevski (EldoS Corp.)

Use Subject property


Sincerely yours
Eugene Mayevski
Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.

Reply

Statistics

Topic viewed 4797 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!