search

PeculiarVentures / PKI.js

PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.
http://pkijs.org
Other
1.3k stars 204 forks source link

Certificate Request Format #315

Closed lainz closed 3 years ago

lainz commented 3 years ago

Hi, I've seen this demo from a third party website: https://johannes.truschnigg.info/csr/

It works, but the format of the data isn't the one my target website can read.

This is an example certificate I create with node and an openssl library:

-----BEGIN CERTIFICATE REQUEST-----
MIIDgzCCAmsCAQAwgb4xCzAJBgNVBAYTAkFSMRMwEQYDVQQIDApDb3JyaWVudGVz
MRMwEQYDVQQHDApDb3JyaWVudGVzMQkwBwYDVQQRDAAxCTAHBgNVBAkMADELMAkG
A1UECgwCSVQxCzAJBgNVBAsMAklUMRUwEwYDVQQDDAxwb3NiZXJyeS5jb20xGTAX
BgNVBAMMEHd3dy5wb3NiZXJyeS5jb20xIzAhBgkqhkiG9w0BCQEWFHNvcG9ydGVA
cG9zYmVycnkuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAOK
85PW4B442ZO3KAUAuRa0JR61fVVyaQ/zHiWPvXPMBBM/HscGy8H7xr6896kdfHUj
+shxx3/pw67OwaACDQzc9jBVZp2g7RZ0RbiPxORkdx+e7GchoHxwfauPsd8ljo/K
v49e7sXQdDqWJC/z2nrubhte+1n8gazogHB30/uukQBWdzeXFZ47Pg6XsD5YSRpK
L2aUyEGs/9FQCjSVfItN/kX+eT8p7Vgyjm6ehrYdT0d+eOFpeUGPZY9EyyyXTDHg
zSb/8LBc0kh3cz/AHEsXOaxKAc2rK1Zix46UhwT4K1HZb1I0lOs5w+gEbAVQQ0j4
LVpegykm3YiXmwQ5PwIDAQABoH8wfQYJKoZIhvcNAQkOMXAwbjASBgNVHRMBAf8E
CDAGAQH/AgEBMAsGA1UdDwQEAwIFoDAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwKQYDVR0RBCIwIIIMcG9zYmVycnkuY29tghB3d3cucG9zYmVycnku
Y29tMA0GCSqGSIb3DQEBDQUAA4IBAQAnhCmnSWWphsyRRGZSX6WlvSfH5Btkjos8
kjZ9ZHt/t6/zpeEjLT4xbtfEpMJIvdzgTAONDrBmYun65bcX1kzSezWNtGVun992
u2vUV453VeLbNnXH89XwO7u761YxLCndNg2RGWCaOCJ29TlgqgpmrUXGDi2B2vA+
vaU06tvKRyOMmfuODSdZfsr7gTZgaHxIx36Xf/P/8H8qES9LZ2Aw0vMbdrkcgmVM
+kCodHVfg7Qd7WPHgo5V3sdQL82U3x0Gc1xEbxEOe3scT9WY7hxsIbGvLDQt5STR
HoiVERJHLW74eYOsWao22tXkBMlq3f1Qwkhx6UvoFMeg4tCi3nEu
-----END CERTIFICATE REQUEST-----

If you paste that on this website https://www.ssl247.es/support/tools/csr-decoder

It outputs

Asunto:
C = AR
ST = Corrientes
L = Corrientes
postalCode =
street =
O = IT
OU = IT
CN = posberry.com
CN = www.posberry.com
emailAddress = soporte@posberry.com

Al separated by "\r\n" I think.

But in the file generated with that third party website, it outputs in a "single line" with plus signs, like:

Asunto: C = AR + ST = Corrientes + L = Corrientes...

If I use your example it does the same: https://pkijs.org/examples/PKCS10_complex_example.html

It adds the fields with a plus sign:

C = RU + CN = Simple test (\D0\BF\D1\80\D0\BE\D1\81\D1\82\D0\BE\D0\B9 \D1\82\D0\B5\D1\81\D1\82)

How I can change, if possible any of the two examples to generate (in the browser without node) the desired format?

Thanks.

lainz commented 3 years ago

Hi, seems that everything is fine with the library, just the Authorithy I'm sending the request don't accept this format, so a bug in their side, they only accept OpenSSL way.