Simulation Environment: Handling CSR and Compliance API with ZATCA

In the simulation environment, I generated the CSR and sent a request to the compliance API (https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/compliance)

I got the Error Response:

{
“errorCode”: “400”,
“errorCategory”: “Invalid-CSR”,
“errorMessage”: “The provided Certificate Signing Request (CSR) is invalid.”
}

CSR JSON as follows

{“csr”:“MIIBSTCB8AIBADBoMQswCQYDVQQGEwJTQTEPMA0GA1UECwwGSmVkZGFoMSMwIQYDVQQKDBpSSUNIIENIQUlOIFRSQURJTkcgQ09NUEFOWTEjMCEGA1UEAwwaUklDSCBDSEFJTiBUUkFESU5HIENPTVBBTlkwVjAQBgcqhkjOPQIBBgUrgQQACgNCAATOsnITjSUGAPo7NkUKObARE7BivLQF5HaSdupjINvYoTyasDVN3i1Tz7FswWFe6m62gkzw6+vdDHat1wooe+9eoCkwJwYJKoZIhvcNAQkOMRowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAKBggqhkjOPQQDAgNIADBFAiBEOstniFGEhJXWmHafCo2YsLXqZsSI8c2HyOP8eCin+QIhAM1b+HtyfW+XE1WQFios+CPEsrhziqcLeS7KZ29/GNut”}

config file as follows

oid_section = OIDs
[ OIDs ]
certificateTemplateName= 1.3.6.1.4.1.1311.20.2

[ req ]
default_bits = 2048
emailAddress = aljabri@aljabrisoft.com
req_extensions = v3_req
x509_extensions = v3_ca
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C=SA
OU=Jeddah
O=RICH CHAIN TRADING COMPANY
CN=RICH CHAIN TRADING COMPANY

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment

[req_ext]
certificateTemplateName = ASN1:PRINTABLESTRING:PREZATCA-Code-Signing
subjectAltName = dirName:alt_names

[alt_names]
SN=1-TSS|2-ERP|3-430fd4b1-5063-4e1d-9cdc-08ce31ca51f1S
UID=311241423800003
title=1100
registeredAddress=Jeddah
businessCategory=Software

CSIDError934×631 54.9 KB

Dear @dhaneshd ,

Thanks for reaching out.

You are receiving such an error because of a mistake in generating your CSR for simulation and the provided CSR does not contain the data you shared in the config file, which means that you have missed something, please could you share with us the steps you have done

Additionally, please see E-invoicing-Detailed-Technical-Guideline.pdf (zatca.gov.sa) slide 26, which explains all the fields in the config file you must provide.

Thanks

Production CSID failure
Thanks for guided me. CCSID generated successfully. But the generation of PCSID is failed.

CCSID generation result json
“errors”:null}

PCCSID generation result json

{“code”:“Missing-ComplianceSteps”,“message”:“The compliance certificate is not done with the following compliance steps yet [standard-compliant,standard-credit-note-compliant,standard-debit-note-compliant,simplified-compliant,simplified-credit-note-compliant,simplified-debit-note-compliant]”}

PCSIDError1077×717 92.2 KB

@halrashidy , We have providing all the information that is provided in the slide 26 of the document , Even though we are receiving the error Invalid-CSR . Could please check

oid_section = OIDs
[ OIDs ]
certificateTemplateName= 1.3.6.1.4.1.311.20.2

[ req ]
default_bits = 2048
emailAddress = it@example.sa
req_extensions = v3_req
x509_extensions = v3_ca
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment

[req_ext]
certificateTemplateName = ASN1:PRINTABLESTRING:PREZATCA-Code-Signing
subjectAltName = dirName:alt_names

[ dn ]
C=SA # Country Code e.g SA
OU=INDEPENDENT FOOD COMPANY LTD # Organization Unit Name
O=INDEPENDENT FOOD COMPANY LTD # Organization Name
CN=POS487 # Common Name

[alt_names]
SN=1-Taxilla|2-IFCLSIM|3-0611240122 # EGS Serial Number 1-ABC|2-PQR|3-XYZ
UID=310096252500003 # Organization Identifier (VAT Number)
title=0100 # Invoice Type
registeredAddress=Riyadh # Address
businessCategory=Restaurant # Business Category

Dear @sameer ,

Many thanks for sharing such an information.

You are receiving such an error because of a mistake in generating your CSR for simulation, please ensure performing next steps to solve this issue:

Re-generate a Certificate Signing Request (CSR):**

• Ensure taking simulation requirements in consideration:
  • OpenSSL: Set CertificateTemplateNameASN1 in “CNF” configuration file to PRINTABLESTRING:PREZATCA-Code-Signing
  • SDK Command: Include -sim before the command for generating the CSR if you are using SDK for CSR generation.

2. Ensure using right endpoints for “simulation” which can be found on fatoora portal user manual
3. Re-do the same process with a new “OTP” that obtained from fatoora “simulation” portal

Although simulation is a replica to the production environment, they are still independent environments, so please consider simulation requirements when generating the CSR.

Thanks

I don’t see anything wrong with your csr configuration.

Csr generated with your configuration is accepted by server

{28016B14-F305-4272-A544-D843428E76F6}1833×743 97.8 KB

image1299×969 176 KB

Maybe you need to show how you created the csr.