Invalid CSR error when try to obtain CCSID

I am trying to onboard a new device and I am getting the error “The provided Certificate Signing Request (CSR) is invalid.”
The CSR encoded is “LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQk5UQ0Iyd0lC
QURCVE1Rc3dDUVlEVlFRR0V3SlRRVEVWTUJNR0ExVUVDd3dNVW1sNVlXUWdRbkpo
Ym1ObwpNUkF3RGdZRFZRUUtEQWREYjI1MGIzTnZNUnN3R1FZRFZRUUREQkphUVZS
RFFTMURiMlJsTFZOcFoyNXBibWN3ClZqQVFCZ2NxaGtqT1BRSUJCZ1VyZ1FRQUNn
TkNBQVIrWTR3NFhHdEF3NGl6ZWVNS0w3a0FtRzVBVFVOc0p4VncKeXRqa0RYc0ls
ZE5iSVJrQko2UmNLaWE2U1dXcGpGaElFblRhTHZhbnNSNkRIa1NyUFBQbm9Da3dK
d1lKS29aSQpodmNOQVFrT01Sb3dHREFKQmdOVkhSTUVBakFBTUFzR0ExVWREd1FF
QXdJRjREQUtCZ2dxaGtqT1BRUURBZ05KCkFEQkdBaUVBMWxTRDNEU1ZydzJEKzZa
TGVZVnFqcnhuK1ZhdGthdTNiUElKaFVodXpMOENJUUM5TTFKWGdsb2QKN2wzSG9u
RjdxRE9rTi9rT3R0RDg2T1RXdVcvTTVkQmo3UT09Ci0tLS0tRU5EIENFUlRJRklD
QVRFIFJFUVVFU1QtLS0tLQo=”

I also trying using Postman but got the same issue. Please can you help to solve this issue?

Dear @wanderson.oliveira

Thanks for reaching out, Welcome to our community.

To provide comprehensive support as usual, can I kindly ask you to mention all the steps that you followed from the first step to generate the CSR?

Thanks,
Ibrahem Daoud.

Hello thank you for the reply.
We are trying to on board the Dynamics 365 F&O and we are trying to run the PowerShell script described here: Onboarding for electronic invoicing in Saudi Arabia - Finance | Dynamics 365 | Microsoft Learn

I trying to run the script like: .\OnboardingScript.ps1 -action getComplianceCSID -otp 123345 -csrconfig .\csr_config.txt

The CSR config file is like that (email and UID replaced here for security purpose):
oid_section=OIDs
[OIDs]
certificateTemplateName=1.3.6.1.4.1.311.20.2
[req]
default_bits=2048
emailAddress=xxx
req_extensions=v3_req
x509_extensions=v3_ca
prompt=no
default_md=sha 256
req_extensions=req_ext
distinguished_name=dn
[dn]
C=SA
OU=Riyad Branch
O=Contoso
CN=ZATCA-Code-Signing
[v3_req]
basicConstraints=CA:FALSE
keyUsage=digitalSignature,nonRepudiation,keyEncipherment
[req_ext]
certificateTemplateName=ASN1:PRINTABLESTRING:PREZATCA-Code-Signing
subjectAltName=dirName:alt_names
[alt_names]
SN=1-TST|2-TST|3-f9946a15-58db-404e-a868-1abccca82de3
UID=xxx
title=1100
registeredAddress=MyAddress
businessCategory=Industry

When we run the script, always gets the error: “The provided Certificate Signing Request (CSR) is invalid.”

Please, can you help us how to solve this?

Morning @wanderson.oliveira

Can I kindly ask you to try the below template using the facility information?

oid_section = OIDs
[ OIDs ]
certificateTemplateName = 1.3.6.1.4.1.311.20.2
[req]
default_bits = 2048
emailAddress =
req_extensions = v3_req
x509_extensions = v3_ca
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[dn]
C=SA
OU=
O=
CN=
[v3_req]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment
[req_ext]
certificateTemplateName=ASN1:PRINTABLESTRING:PREZATCA-Code-Signing
subjectAltName = dirName:alt_names
[alt_names]
SN=1-zaid1|2-TST|3-ed22f1d8-e6a2-1118-9b58-d9a8f11e445f
UID=
title=1100
registeredAddress=ss
businessCategory=

Please let me know if it works.

Thanks,
Ibrahem Daoud.

Unfortunately it doesn’t work.
I took your file, filled in the email and and UID (VAT number - 3xxx3) and got the error when the script tried to generate the certificate. So I believe the OU, O and CN needs to be filled in. I filled in OU = company name, O = company name and CN = ZATCA-Code-Signing, but got the same initial error that The provided Certificate Signing Request (CSR) is invalid.

Please, can you suggest something else that I should change in the file to make it valid?

image2119×131 45.3 KB

Dear @wanderson.oliveira

Thanks for replying,

No worries can I kindly ask you to reach out to our support team via the below mail, mentioning all the details and steps with some screenshots, for our investigation and will schedule one to one meeting if needed.

SP mail: sp_support@zatca.gov.sa

Thanks,
Ibrahem Daoud.