none
"Error Parsing Request The request subject name is invalid or too long" when trying to create a certificate from a CSR RRS feed

  • Question

  • HI,

         I am using a Windows 2008 server, SP2 with the latest updates on.  I am trying to use a .csr file that I have created on a 3rd party (Nextplane) system to create a certificate however when I try I get the error

    Your Request Id is 0. The disposition message is "Error Parsing Request The request subject name is invalid or too long. 0x80094001 (-2146877439)"


    I have tried both the "Submit new request" against the server in the CA snapin in MMC and also the method of using a "Router offline request template as suggested in this

    http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/1ba23ee0-3e69-45f2-a875-2f6206b13c9d/

     

    I have checked the csr file using a online csr decoder and it looks OK as far as I can tell (this is a test setup on a private network so I'm not worried about the risk of using a online decoder).  The decoder shows the 'Subject' line as having 78 characters, including spaces etc.  As the server and domain names aren't excessive I don't think that this is unusually long.

    Is this likely to be the length of the subject line causing the problem or is the problem something else and the subject length just a red herring?

     

    Thanks in advance for any suggestions

     

    Neil

     

     

     

     

    Friday, October 29, 2010 4:47 PM

Answers

  • Here is your problem:

    Subject:
        CN=nextplane-svr.ocs.network-box.info
        OU=ocs
        O=network-box.info
        C=info

    'Country' DN suffix supports only 2-character country codes, such: LV, US, GB, FR, IT, RU and so on. For more details see:

     


    http://en-us.sysadmins.lv
    • Proposed as answer by Vadims PodansMVP Monday, November 1, 2010 4:26 PM
    • Marked as answer by neiljh297 Tuesday, November 2, 2010 2:34 PM
    Monday, November 1, 2010 4:25 PM

All replies

  • can you show the output of the command:

    certutil -dump <file.req>

    I'm interesting in Subject and Extensions fields.


    http://en-us.sysadmins.lv
    Friday, October 29, 2010 4:58 PM
  • As requested dump is below.  The certificate server is in the same domain (ocs.network-box.info) as the server I am requesting a certificate for.

     

    Thanks

     

    Neil

     

    PKCS10 Certificate Request:
    Version: 1
    Subject:
        CN=nextplane-svr.ocs.network-box.info
        OU=ocs
        O=network-box.info
        C=info

    Public Key Algorithm:
        Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
        Algorithm Parameters:
        05 00
    Public Key Length: 1024 bits
    Public Key: UnusedBits = 0
        0000  30 81 89 02 81 81 00 8e  b4 8f 45 34 f7 5b b5 af
        0010  b8 3b f9 98 89 d8 c5 ac  78 89 83 f6 5e da 14 44
        0020  e9 97 55 c5 e7 64 57 a9  c1 84 9b fd 79 2f 74 7e
        0030  22 2f a2 0e 2a ba 53 98  bc 5d c7 58 68 2e d9 44
        0040  2b 3a 0a b4 1d af ef 40  a4 b6 c1 cb 8e 0e df 23
        0050  18 31 7d 08 c5 fb a3 79  7a 52 eb dd 61 03 c4 ce
        0060  c0 4c 96 a3 88 01 47 16  a5 08 d2 98 55 6d 9d 12
        0070  db f7 5f d9 8c ae fd 8d  45 38 ba cf 79 71 24 03
        0080  b5 7b 2b 5d 39 0c e1 02  03 01 00 01
    Request Attributes: 0
      0 attributes:
    Signature Algorithm:
        Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
        Algorithm Parameters:
        05 00
    Signature: UnusedBits=0
        0000  7e d7 3a 73 37 63 4f 14  9a cf 15 a7 c8 78 57 e4
        0010  49 a5 64 f2 70 61 bc 00  8c 2e 55 80 0a c4 60 af
        0020  2f f0 ce fc c0 b7 dd be  4b f5 80 9a b3 ab b0 ca
        0030  98 da 2b c1 a1 a3 eb 06  7d 03 cc e0 94 fe 14 08
        0040  c7 c2 93 79 10 12 a9 31  8a e7 53 2b 8f 2b c2 a4
        0050  96 cd 26 b6 31 9c 4b 53  2c 9b ba 2c 21 d4 b9 27
        0060  31 bf 26 76 69 6d 91 74  f0 eb 95 98 f8 ef ec bd
        0070  e7 e5 ba 9c 68 8e e8 5d  c1 af b8 8f f6 59 6d 54
    Signature matches Public Key
    Key Id Hash(rfc-sha1): 6a 35 88 17 e4 43 87 50 21 da 73 8f 6b b5 c9 f2 57 47 ba af
    Key Id Hash(sha1): 27 3d 8c 60 e4 83 eb ef 62 c6 26 c6 e3 d4 ca e5 bb ed b0 f7
    CertUtil: -dump command completed successfully.

    Monday, November 1, 2010 3:10 PM
  • Here is your problem:

    Subject:
        CN=nextplane-svr.ocs.network-box.info
        OU=ocs
        O=network-box.info
        C=info

    'Country' DN suffix supports only 2-character country codes, such: LV, US, GB, FR, IT, RU and so on. For more details see:

     


    http://en-us.sysadmins.lv
    • Proposed as answer by Vadims PodansMVP Monday, November 1, 2010 4:26 PM
    • Marked as answer by neiljh297 Tuesday, November 2, 2010 2:34 PM
    Monday, November 1, 2010 4:25 PM
  • very thanks
    Saturday, January 7, 2012 2:38 AM
  • thx - was using USA

    Dale Unroe

    Wednesday, January 18, 2017 2:43 PM