Invalid-CSR issue when generating CSID in Simulation

Hello,

We are currently facing issues generating the Compliance CSID in the Simulation portal. Every attempt ends with the error:

{“errorCode”:“400”,“errorCategory”:“Invalid-CSR”,“errorMessage”:“The provided Certificate Signing Request (CSR) is invalid.”}

What we have tried so far

  1. Using the official ZATCA SDK (C# .NET)

    • We created a .NET console app and referenced the SDK DLLs.

    • We used CsrGenerator and also tried building the CSR manually with BouncyCastle.

    • CSR is generated and private key saved.

    • Inspector shows the Subject DN contains all required RDNs:

      • C=SA

      • O=<CompanyName>

      • OU=<OrgUnit>

      • CN=<DeviceName>

      • serialNumber=1-<Seg1>|2-<Seg2>|3-<Seg3>

      • 2.5.4.15=<InvoiceTypeMask>

      • 2.5.4.97=<VATNumber>

    • Signature algorithm shows as ECDSA with SHA-256.

    • Curve should be P-256 (prime256v1 / secp256r1) but in some attempts the curve OID prints as unknown

We are calling the Simulation endpoint:
POST https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/compliance
Headers:

  • OTP: <SimulationPortalOTP>
  • RequestID: <GUID>
  • Accept-Version: V2
  • Accept: application/json
  • Accept-Language: en

### Issue

Despite including all required fields (masked above for security) and ensuring the CSR is generated on P-256 with SHA256withECDSA, the API always returns Invalid-CSR.

We have validated that:

  • The CSR has serialNumber, businessCategory, and organizationIdentifier (2.5.4.97).
  • The VAT number is 15 digits, starting and ending with 3.
  • serialNumber follows the required format: 1-...|2-...|3-....
  • InvoiceType is 4 digits (only 0/1).
  • An extension with OID 1.3.6.1.4.1.311.20.2 and value PREZATCA-Code-Signing is included.

Dear @Humayun

Thanks for reaching out,

To provide comprehensive support as usual, can I kindly ask you to mention what is the exact version of SDK .Net that you are using?

Thanks,
Ibrahem Daoud.

Dear @idaoud
SDK version i,m using is 4.8

Dear @Humayun

Thanks for your collaboration, Sorry my bad I meant ZATCA SDK.

Dear @idaoud
zatca-einvoicing-sdk-DotNet-238-R3.4.4

Dear @Humayun

To ensure comprehensive support as usual, Kindly request a one to one meeting with our technical team via below mail, to clarify the exact functionality that you can use it while using ZATCA .NET SDK.

Mentioning this link in the subject.
Additionally, please share here the email address that you gonna send from.

Thanks,
Ibrahem Daoud.

Dear @idaoud
you did not share any email in your reply. Can you please share so i can contact with your technical team.

Thanks,
Humayun

1 Like

Apologies for that,

SP mail: sp_support@zatca.gov.sa

Thanks,

I will send an email with this :mernstack42@gmail.com

I have sent an email @idaoud

One note Please dont forget to generate csr with -sim param when u try to generate c csid in simulation mode