[Pki-users] Sorry, your request is not submitted. The reason is "invalid request".
Marc Sauton
msauton at redhat.com
Wed May 21 19:21:42 UTC 2014
On 05/20/2014 06:42 PM, Ricardo Alexander Perez Ricardez wrote:
>
> Hi,
>
> I try to create a certificate by following these steps:
>
> Some simple steps are listed here on how to proceed to enroll a server
> certificate for an apache webserver with Dogtag.
>
> *Generate a Key/CSR:
>
> oopenssl genrsa -des3 -out www.mydomain.com.key 1024
>
> oopenssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr
>
> §Fill out all the prompts here including
> CountryName,State,Locality,Organization Name, Organizational Unit
> Name, Common Name.
>
> *Sample CSR from the above commands:
>
> -----BEGIN CERTIFICATE REQUEST-----
>
> MIIBqDCCARECAQAwaDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
>
> FTATBgNVBAcTDE1vdW50YWluVmlldzEPMA0GA1UEChMGUmVkSGF0MQwwCgYDVQQL
>
> EwNJRE0xDjAMBgNVBAMTBWEuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
>
> gQDMbwtFUZNzlfWRI19nuxKsbhJ1/5A/rrXQkH7+K1uqxmzytm6b57lkGK9YUC7B
>
> qSKpJ4zzOnVqwRZsE9oJ5CSv+eQUie1NTz4KEL9ZOsN4p2zn0JFaKqze/vxZ3Rux
>
> BKnAz34KxOKZxGTiychOTytWS6V4lDzKBvgTgf0EZfOcfwIDAQABoAAwDQYJKoZI
>
> hvcNAQEEBQADgYEAxRGViyX5MxedhfSOja3XmvCcTOZL+btT7u4zztGBz71qSGhz
>
> yLcFCHCOMngsfiHxySBUIjZdGAOjrwcwT04ig/C2TE8mTamDp7d8/zQ6k9De/9Dp
>
> Q+C7PZuTYQkDf417IxbalEWhhNQ2AE6pMxfWwWAhjP1jAFLdKQZtEVNG9AQ=
>
> -----END CERTIFICATE REQUEST-----
>
> *Submit this CSR to the "Server Certificate Enrollment" profile of the
> Dogtag CA and get it approved.
>
> *Download the Cert and the CA and get them installed in apache.
>
> From this URL: http://pki.fedoraproject.org/wiki/Apache_Cert_Enrollment
>
> *The .key and .csr files correctly generated, when I get to this step:
>
> *
>
> *Submit this CSR to the "Server Certificate Enrollment" profile of the
> Dogtag CA and get it approved.
>
> *
>
> *I get the following error in the web administration console DogTag:
>
> *
>
> *Sorry, your request is not submitted. The reason is "invalid request".*
>
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
The posted CSR seem to work ok for me, can read it from openssl, request
and issue a certificate using RHCS 8.1.
You may want to review the /var/log/pki-ca/debug file for any extra hint.
Thanks,
M.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20140521/14972739/attachment.htm>
More information about the Pki-users
mailing list