CSR失败:错误解析请求ASN1错误标记值已满足(ASN:267 CRYPT_E_ASN1_BADTAG)
我试图通过以下方式提交CSR请求:
require 'openssl' require 'json' def public_key_info key_info = private_key.public_key.to_pem key_info = key_info.sub! '-----BEGIN PUBLIC KEY-----', '-----BEGIN CERTIFICATE REQUEST-----' key_info = key_info.sub! '-----END PUBLIC KEY-----', '-----END CERTIFICATE REQUEST-----' key_info end # "Creating a new 2048bit RSA Keypair..." def private_key @private_key = OpenSSL::PKey::RSA.new 2048 end payload = { "CsrData" => public_key_info, "certTemplate" => "MyTemplate" } encoded = JSON.generate(payload) p "Payload is #{encoded}" response = RestClient::Resource.new( 'http://myURL/GenerateCertificateUsingCsr', ).post encoded, :content_type => 'application/json', :accept => 'text/plain' response_json = JSON.parse(response.body) p response_json 请求失败并显示错误提交失败:错误解析请求。 遇到ASN1错误标记值。 0x8009310b(ASN:267 CRYPT_E_ASN1_BADTAG) :
{ "certTemplate":"MyTemplate", "CsrData":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWeK196VcjZZFbKyEjpj\n8I6DjHbwiMi9I10tV41OEt9Ozp+M0V6TYOKNlJTXGxNUHD0lXFJBlS2z/PLQbW/3\n6C9xRkIclve5Uq8J2NmubnR9+NOt/cjPb4EJtMlxySq5cWOqEyq4UirUEfch9HMC\nkLwJ0MPdrDatZqfIv1IvhBiKfyqWV2jds3X60NlmvyGxnrd54dO8/OqNJNmw2BP9\n3aa21asRqB7oPW2H49o2gwDxF6ZEwymAFvU4jvO+BQLRDYTm8GslHyX9kCXWnYHg\nX7gqvek/mu7KqyIB44YyOjGYkVX76El32B08ruKlc+xZ8kFWC1bMzwZNoFEBKO6D\n9QIDAQAB\n-----END CERTIFICATE REQUEST-----" } {"ErrorCode"=>1005, "ErrorMessage"=>"The submission failed: Error Parsing Request ASN1 bad tag value met. 0x8009310b (ASN: 267 CRYPT_E_ASN1_BADTAG)", "Return"=>false, "p12Data"=>nil, "certexpdate"=>nil, "serialNo"=>nil} => true
但是如果我从命令行创建CSR请求:
openssl req -out mytest.csr -new -newkey rsa:2048 -nodes -keyout mytest.key
然后转换CSR,用\n字符串替换新行。
然后准备一个Json有效载荷:
{ "certTemplate":"MyTemplate", "CsrData":"-----BEGIN CERTIFICATE REQUEST-----\nMIIC8zCCAdsCAQAwgZUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNRDEWMBQGA1UE\nBwwNU2lsdmVyIFNwcmluZzELMAkGA1UECgwCRVMxCzAJBgNVBAsMAk1MMSAwHgYD\nVQQDDBcgbXNjbGllbnQ1MS5zYW10ZXN0LmNvbTElMCMGCSqGSIb3DQEJARYWbXNj\nbGllbnQ1MUBzYW10ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAL+X4YJ041JDVfYZr2IXHEAsBc9cbtYxuLa4FkXz+enZYj+9J4qK7zl9OJ7P\nfW29jf82oyQ83RH6XrYcFJKO9cuXgkkQaNV8X6J7sbn87hHUn8xZ1SORd+OPV/ws\nHdOuuv/kQi0S1Rz9Qn7RJiEnQqC14bp50fjJDxxYBVcU/bevlMuFzf8pKQbNfWD5\nbpHHPKpN6uKAXQa2vCqRPAHMvlxCqVHf1Lmy6xojsHGDdqYcYgwG2JB140nOpKtA\nwO9jR5wF7HmqUs/u/fV+p86IaHt6rAxo8WX0Ymu+48DanMdlBqjQ222OthnTbgmD\nbW9j16kNesriu8APSpxW6f7InhsCAwEAAaAYMBYGCSqGSIb3DQEJAjEJDAdNTF9U\nVjJHMA0GCSqGSIb3DQEBCwUAA4IBAQCOxISJbXXQqFmHTwcIP+jaYM1souuptE5l\nhrG/5T1Irz357DABfQpaZkon8dIF8QRpjCY2+b44srGtbKBbnUDAgM5e+qqZjx6X\ng7Yp7LLVW9EplvMYT83M62K9UyNFqjizgXbNIxJRsApLutLBpTpB3vIpQcZYhygf\nfJx/zmN3rD3K47SdaDd9JyD7W3tnAQ1rHEG1uS+Pm9Cq5+Wi8k+nEeGHtQnY5eps\nYqA/g86m4VR5RP0+oTvq3FC57PFqrbv+lwD9brCzjAK/c/QcyBnoxnMNbFVzwhcf\nKAF82Vl9kvwOwyD8sPN19V9ldmZpMhQ/2hsuHxRLAnlwHYhqfl/9\n-----END CERTIFICATE REQUEST-----" }
上述CSR请求正常。
我上面的ruby代码出了什么问题?
这是因为CSR请求不是pem格式的公钥。 与公钥相比,CSR具有不同的ASN1表示法。 这就是为什么你得到ASN1相关的错误。
您可以看到如何使用Ruby包装器为OpenSSL创建CSR。 如您所见,您还需要指定专有名称。
def csr(key) options = { :country => 'PL', :state => 'M', :city => 'Cracow', :organization => 'OSPL', :department => '', :common_name => 'OSPL', :email => '' } request = OpenSSL::X509::Request.new request.version = 0 request.subject = OpenSSL::X509::Name.new([ ['C', options[:country], OpenSSL::ASN1::PRINTABLESTRING], ['ST', options[:state], OpenSSL::ASN1::PRINTABLESTRING], ['L', options[:city], OpenSSL::ASN1::PRINTABLESTRING], ['O', options[:organization], OpenSSL::ASN1::UTF8STRING], ['OU', options[:department], OpenSSL::ASN1::UTF8STRING], ['CN', options[:common_name], OpenSSL::ASN1::UTF8STRING], ['emailAddress', options[:email], OpenSSL::ASN1::UTF8STRING] ]) request.public_key = key.public_key request.sign(key, OpenSSL::Digest::SHA1.new) end
- OpenSSL,RVM,Brew,冲突错误
- 无法在ruby中使用openssl
- OpenSSL – 既不是PUB密钥也不是PRIV密钥::嵌套asn1错误
- 无法在OSX上运行带有RVM的Ruby 2.2.3
- Ruby中的Rijndael AES-128加密解密
- SSL_connect SYSCALL返回= 5 errno = 0 state = SSLv2 / v3读取服务器hello A.
- 为什么我不能使“OpenSSL with Ruby”和“Command line OpenSSL”可以互操作?
- 使用JS中的SJCL和Ruby中的OpenSSL进行椭圆曲线加密
- Ruby:SSL_connect SYSCALL返回= 5 errno = 0 state =未知状态(OpenSSL :: SSL :: SSLError)