Provided CSR is invalid

Shzzamx · September 30, 2025, 3:10pm

I am repeatedly facing the issue of “Invalid CSR” every time I try to complete the onboarding process. Each attempt seems to fail for a different reason, and I end up having to make unnecessary adjustments to the CSR file.

The same issue occurred when I did the onboarding three months ago, and even before that. It has become a recurring problem that slows down the process unnecessarily.

Could you please clarify why this happening now?

.this is my .cnf file

oid_section = OIDs
[OIDs]
certificateTemplateName = 1.3.6.1.4.1.311.20.2
[req]
default_bits = 2048
emailAddress =n@mail.com.sa
req_extensions = v3_req
x509_extensions = v3_ca
prompt = no
default_md = sha 256
req_extensions = req_ext
distinguished_name = dn
[dn]
C=SA
OU=xxxxxx
O=Company
CN=xxxxxx
[v3_req]
basicConstraints = CA:FALSE
keyUsage = digitalSignature,nonRepudiation,keyEncipherment
[req_ext]
certificateTemplateName = ASN1:PRINTABLESTRING:ZATCA-Code-Signing
subjectAltName = dirName:alt_names
[alt_names]
SN=1-GRN|2-MCT|3-a6bc16f3-9bd6-4612-a4ce-17415e46ea4d
UID=xxxxxxxxxxxxxx
title=1100
registeredAddress=xxxxxx
businessCategory=Consumer Goods

and these are the ssl commands

1- Create private key

openssl ecparam -name secp256k1 -genkey -noout -out ec-secp256k1-priv-key.pem

2- Create public key

openssl ec -in ec-secp256k1-priv-key.pem -pubout > ec-secp256k1-pub-key.pem

3- Create CSR

openssl req -new -sha256 -key ec-secp256k1-priv-key.pem -extensions v3_req -config config.cnf -out my.csr

idaoud · October 1, 2025, 6:56am

Morning @Shzzamx

Thanks for reaching out,

To provide comprehensive support as usual, can I kindly ask you to elaborate with the below:

Is it in simulation, or production?
What is the openSSL version that you are using?

Thanks,
Ibrahem Daoud.

Shzzamx · October 1, 2025, 8:33am

@idaoud
Morning Ibrahem,

Thanks for your response.

I am currently working in Production environment.
The OpenSSL version I am using is OpenSSL 3.4.0 2 Oct 2024

Please let me know if you need any further details from my side.

idaoud · October 1, 2025, 10:34am

Dear @Shzzamx

Kindly share the full payload via below mail:

SP mail: sp_support@zatca.gov.sa

Additionally, please share here the email address you will reach out to our technical team from.

Thanks,
Ibrahem Daoud.

Shzzamx · October 2, 2025, 7:45am

Below is my email address and i will share the full payload with you on your provided email
email: chshahzaman.mazher@gmail.com

Topic		Replies	Views
Invalid CSR while onboarding on production Onboarding, renewal and revocation	2	25	October 2, 2025
Invalid CSR on production Onboarding, renewal and revocation	0	14	September 30, 2025
Invalid csr bad request 400 when get CSID XML and business rules	4	134	October 10, 2024
Error message: The provided Certificate Signing Request (CSR) is invalid Onboarding, renewal and revocation	2	108	July 6, 2025
Invalid Request when i try to generate CSID Onboarding, renewal and revocation	4	199	April 20, 2025

Provided CSR is invalid

Related topics