
PSPKI 3.7.2 - Get-CertificateRequest - Input data does not represent valid 'OBJECT_IDENTIFIER' type.

Open ckrueger1979 opened this issue 4 years ago • 8 comments

Hi,

I get the following error while trying to read a certificate request with Get-CertificateRequest

```
PS C:> New-Object Security.Cryptography.X509CertificateRequests.X509CertificateRequest -ArgumentList C:\certs\mycsr.csr
$error[0].Exception.InnerException.psbase
$error[0].Exception.InnerException.StackTrace
New-Object : Ausnahme beim Aufrufen von ".ctor" mit 1 Argument(en): "Input data does not represent valid 'OBJECT_IDENTIFIER' type."
In Zeile:1 Zeichen:1
+ New-Object Security.Cryptography.X509CertificateRequests.X509Certific ...
    + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

Offset         : 0
Message        : Input data does not represent valid 'OBJECT_IDENTIFIER' type.
Data           : {}
InnerException :
TargetSite     : Void .ctor(SysadminsLV.Asn1Parser.Asn1Reader)
StackTrace     : bei SysadminsLV.Asn1Parser.Universal.Asn1ObjectIdentifier..ctor(Asn1Reader asn)
                 bei SysadminsLV.PKI.Cryptography.Pkcs.SignedPkcs7`1.DecodeCms(Asn1Reader asn)
                 bei System.Security.Cryptography.X509CertificateRequests.X509CertificateRequest.m_initialize()
HelpLink       :
Source         : SysadminsLV.Asn1Parser
HResult        : -2146881269

bei SysadminsLV.Asn1Parser.Universal.Asn1ObjectIdentifier..ctor(Asn1Reader asn)
bei SysadminsLV.PKI.Cryptography.Pkcs.SignedPkcs7`1.DecodeCms(Asn1Reader asn)
bei System.Security.Cryptography.X509CertificateRequests.X509CertificateRequest.m_initialize()
```

ckrueger1979, Feb 09 '21 11:02

PS: The CSR is valid according to `.\openssl.exe req -text -noout -verify -in`

ckrueger1979, Feb 09 '21 11:02

Can you send me your CSR? You can send it through the contact form: https://www.sysadmins.lv/contact.aspx

Crypt32, Feb 09 '21 12:02

Sent as requested

ckrueger1979, Feb 09 '21 12:02

Thanks, received. I will investigate this.

Crypt32, Feb 09 '21 12:02

Maybe I found the error myself. One of the subject alternative names is bogus. It begins with a "."

ckrueger1979, Feb 09 '21 12:02

No, the problem is somewhere else. Your request is PKCS10, however the code incorrectly detects it as PKCS7 and attempts to unroll PKCS7 syntax.

Crypt32, Feb 09 '21 12:02

> Maybe I found the error myself. One of the subject alternative names is bogus. It begins with a "."

Yeah, you were right. The problem was with the leading dot. While this syntax is not a valid name for the Subject Alternative Names extension, it is valid for the Name Constraints extension. I've fixed this in the dev branch and the fix will be released in the next PSPKI version.

Crypt32, Feb 09 '21 16:02
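
The distinction drawn in the comment above (a leading dot is not valid in a Subject Alternative Names dNSName, but is valid in Name Constraints) can be checked before a request is submitted. The Python below is an added example, not PSPKI code: the function names and the constructed sample bytes are assumptions, it reads only the DER `GeneralNames` value of the extension with short-form lengths, and it accepts a leftmost `*` label in SAN names.

```python
import re
# One DNS label in RFC 1034 preferred name syntax (letters, digits, inner hyphens).
LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

def tlv(tag, body):
    """DER-encode one element; short-form length only, enough for the sample."""
    if len(body) > 127:
        raise ValueError("long-form lengths are not supported here")
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf) or buf[pos + 1] > 127:
        raise ValueError("truncated element or long-form length")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("element runs past end of buffer")
    return buf[pos], buf[pos + 2:end], end

def dns_names(general_names):
    """Extract dNSName entries (context tag [2]) from a DER GeneralNames value."""
    tag, body, end = read_tlv(general_names, 0)
    if tag != 0x30 or end != len(general_names):
        raise ValueError("expected exactly one GeneralNames SEQUENCE")
    names, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == 0x82:  # [2] IMPLICIT IA5String = dNSName
            names.append(value.decode("ascii"))
    return names

def check_dns_name(name, context):
    """Return problems for one name; context is 'san' or 'name_constraints'."""
    problems = []
    if name.startswith("."):
        if context == "san":
            problems.append("leading dot is not valid in a SAN dNSName")
        name = name[1:]
    labels = name.split(".")
    if context == "san" and labels[0] == "*" and len(labels) > 1:
        labels = labels[1:]  # assumption: leftmost wildcard label is accepted
    problems += [f"invalid label {lab!r}" for lab in labels if not LABEL.fullmatch(lab)]
    return problems

def audit(general_names, context="san"):
    return {n: check_dns_name(n, context) for n in dns_names(general_names)}

# Constructed sample: two dNSName entries and one iPAddress ([7], skipped by the audit).
SAMPLE_SAN = tlv(0x30, tlv(0x82, b"www.example.com") + tlv(0x82, b".example.com")
                 + tlv(0x87, bytes([192, 0, 2, 1])))
```

`audit(SAMPLE_SAN)` reports the leading-dot entry, while `audit(SAMPLE_SAN, "name_constraints")` accepts the same bytes.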

Thank you very much.

ckrueger1979, Feb 10 '21 07:02

Fixed in v4.0.0

Crypt32, Jun 15 '23 07:06