400 Bad Request Error When Submitting CSR

Ali00032 · June 16, 2025, 3:23pm

Dear ZATCA Support Team,

I hope you’re well.

I’m experiencing a 400 Bad Request error when attempting to submit my Certificate Signing Request (CSR) through the ZATCA Fatoora Developer Portal.

Here’s what I have tried so far:

➥ Using Fatoora CLI:

shell

fatoora -csr -pem -privateKey my-private-key.pem -generatedCsr my-csr.csr -csrConfig zatca-csr.properties

My zatca-csr.properties file includes:

csr.common.name=TST-87431145-311218730900003
csr.serial.number=1-TST|2-TST|3-088f0539-15ab-4e72-a515-b4b4afa8f74c
csr.organization.identifier=311218730900003
csr.organization.unit.name=Riyadh Branch
csr.organization.name=Al Noor.
csr.country.name=SA
csr.invoice.type=1100
csr.location.address=RRRD2929
csr.industry.business.category=car

➥ Using OpenSSL:
I also tried generating the CSR manually with openssl following your instructions and configuration file:

shell

CopyEdit

openssl req -new -sha256 -key PrivateKey.pem -extensions v3_req -config config.conf -out taxpayer.csr

My config.conf contains:

ini

CopyEdit

[ OIDs ]
certificateTemplateName = 1.3.6.1.4.1.311.20.2

[ req ]
default_bits = 2048
emailAddress = sa.example@example.com
req_extensions = v3_req
x509_extensions = v3_ca
prompt = no
default_md = sha 256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C = SA
OU = test department
O = test company
CN = 127.0.0.1

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment

[ req_ext ]
certificateTemplateName = ASN1:PRINTABLESTRING:PREZATCA-Code-Signing
subjectAltName = dirName:alt_names

[ alt_names ]
SN = 1-AlNahar|2-AlNaharERP|3-5G6JJ109
UID = 312543537100003
title = 1100
registeredAddress = Jubail 35514, SA-547755497
businessCategory = Air conditioning maintenance

➥ Base64 Conversion:
I base64-encoded the generated CSR and then tried posting it through API, but I received 400 Bad Request each time.

My Question:
Could you please advise me:

➥ If there’s a specific format or field that I’m missing in my CSR?
➥ Why I’m receiving a 400 Bad Request when I submit it through the API or Fatoora CLI?

Any guidance or example configuration you could provide would be greatly appreciated.

Thank you in advance for your help.

Best wishes,

Aturkistani · June 17, 2025, 3:19am

Dear @Ali00032 ,

I have replied to your question in the another raised post.

Regards,

Topic		Replies	Views
D365 F&O to ZACTA integration Error FATOORA portal and Simulation portal	1	137	November 15, 2024
Invalid CSR - ZATCA Communication error (Bad Request 400) Onboarding, renewal and revocation	8	378	December 15, 2024
Getting 400 invalid CSR error while registering devices on simulation Onboarding, renewal and revocation	2	68	January 22, 2025
Invalid-CSR","errorMessage":"The provided Certificate Signing Request (CSR) is invalid Onboarding, renewal and revocation	3	238	February 25, 2025
{"errorCode":"400","errorCategory":"Invalid-CSR","errorMessage":"The provided Certificate Signing Request (CSR) is invalid."} XML and business rules	13	193	May 25, 2025

400 Bad Request Error When Submitting CSR

Related topics