Thankyou @Malik
Can you please tell me
How do we get the data in these 3 fields?
csr.common.name=TST-886431145-399999999900003
csr.serial.number=1-TST|2-TST|3-ed22f1d8-e6a2-1118-9b58-d9a8f11e445f
csr.organization.identifier=399999999900003
Are these data supplied by ZATCA or should the software decide these values on their own?
Hi,
Normally I share this excel file with the companies to fill details and it has all details. Further details you can find in the ZATCA document User Manual
Developer Portal Manual Version 2
Thank you @Malik
its the serial number that i have doubts with. So if you are providing the EGS (software) to generate the xml and your EGS is same for different clients - each one still fills out a separate serial number for the same software?
First 2 your numbering and 3rd is UUID which will always be generated unique, all 3 you have to provide in CSR template,
1-JS|2-V1|3-10427930-4db4-7b54-e063-0311a8c0c8be
Dear @mohmed58264 ,
Thanks for reaching out,
Kindly note that both links you’re using for compliance check and production CSID are not correct in the simulation environment.
For Compliance Check, please use the below correct link:
https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/compliance/invoices
For production CSID, please use the below correct link:
https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/production/csids
Kindly send 3 samples to the correct compliance check link provided above, then you can proceed to the production CSID.
Additional note that you can find the updated APIs after logging to fatoora simulation portal (https://fatoora.zatca.gov.sa/) and navigate to API documentation.
Thanks,
sir I have problem in integration after I get the ccid and make the compliance I send try to have the psid it gives me an ERRORR
{
“errorCode”: “400”,
“errorCategory”: “Invalid-CSR”,
“errorMessage”: “The provided Certificate Signing Request (CSR) is invalid.”
}
csr.common.name=AGH-4650017660-300453212100003
csr.serial.number=1-AGH|2-AGH|3-8cee4810-647f-4b2b-be14-8317b61d60b3
csr.organization.identifier=300453212100003
csr.organization.unit.name=3004532121
csr.organization.name=Abdul Ghani Hussain Group
csr.country.name=SA
csr.invoice.type=1100
csr.location.address=DMGA2659
csr.industry.business.category=Multi Activities
this is my cnf file what make the problem why its appear only in pcsid not in the ccid ?
I have the same issue at simulation
I generate csr once with Zatca .net SDK and once with openssl command
and get the same error today and yesterday before that it worked without any error
Yes, I’m facing the same issue during simulation:
“errorCode”: “400”,
“errorCategory”: “Invalid-CSR”,
“errorMessage”: “The provided Certificate Signing Request (CSR) is invalid.”
Note: It works successfully in the core environment, but the issue occurs only in the simulation. It was working fine before January 7, 2025.
Could you please clarify which fields we need to submit in the CSR?
Morning @easyaamal @AmrSobhy @Malik_55
Thanks for reaching out, Welcome to our community.
To provide comprehensive support as usual, can I kindly ask you to collaborate with the below:
1- How you are generating the CSR? If you are using ZATCA SDK, what is the version?
2- What is the API that you are hitting?
3- If you can provide the full request and response along with the .cnf file for OpenSSL and the config file, and share it through the below SP mail, will help us in our investigation.
Thanks,
Ibrahem Daoud.
Dear Ibrahem,
Thank you for your response.
I’ve sent you an email containing the request body, API, and OpenSSL configuration file.
Please note that this issue seems to be a general issue and not a specific case.
We have been following the same procedure before January 7, 2025, and it was working perfectly fine.
We are not using the ZATCA SDK directly.
We believe that some fields might have been added or modified on your side, which are now required in the CSR, but we haven’t been informed about them.
Could you please clarify if any additional fields are required?
Thank you for your cooperation
Dear @easyaamal
Please note that no changes on simulation related to what you are facing, and it’s work fine. No changes for the fields.
kindly share your .cnf file or config file with the full request and response via SP mail: sp_support@zatca.gov.sa
Thanks,
Ibrahem Daoud.
@idaoud
I have shared the .cnf file via email.
Regarding the announcement:
It mentions a significant upgrade to the ZATCA Simulation environment in early January.
Could you please clarify what changes were made?
This is an urgent case, as the issue started after this update.
Thank you!
Dear @easyaamal
The mentioned announcement is related to upgrade the Java version to latest version as it mentioned.
Thanks for sharing the details, Can you share the mail you sent from to check with with our team and get back to you ASAP?
Thanks in advance,
Ibrahem Daoud.
@idaoud
email: teqanyco@gmail.com
subject : Reply to ZATCA Developer Community Post
We are also facing same issue in simulation since January 7 2025, previously it was working fine.
“errorCode”: “400”,
“errorCategory”: “Invalid-CSR”,
“errorMessage”: “The provided Certificate Signing Request (CSR) is invalid.”
It is working fine in sandbox.
I am using the latest SDK version 3.3.9
using this code to generate csr
CsrGenerationDto dto = new CsrGenerationDto(
“Device-000001-300038065900003”,
“1-TAWAIL|2-Version2025|3-” + Guid.NewGuid().ToString(),
“300038065900003”,
“Riyadh Branch”,
“TAWAIL”,
“SA”,
“1100”,
“Riyadh”,
“Training”);
CsrResult result = csrgen.GenerateCsr(dto, EnvironmentType.Simulation, false);
string csr = result.Csr;
string privatekey = result.PrivateKey;
2- api url “https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/production/csids”
kindly please do your best to solve this problem
me and others get the same error with the same code we used before and was running but now not running (in simulation mode only)
Dear @majazuddin, @AmrSobhy, @easyaamal, @Malik_55
This issue is related to OpenSSL version to fix it please follow the below steps:
1- Use the Win64OpenSSL_Light-3_3_0.exe version of OpenSSL.
2- Open the CMD from the same directory that contains your config.cnf file.
3- Use this command to generate the private key
(openssl ecparam -name secp256k1 -genkey -noout -out ec-secp256k1-priv-key.pem), The private key will be generated in the same directory.
4- Use this command to generate the public key
(openssl ec -in ec-secp256k1-priv-key.pem -pubout > ec-secp256k1-pub-key.pem), The public key will be generated in the same directory.
5- Use this command to generate the CSR
(openssl req -new -sha256 -key ec-secp256k1-priv-key.pem -extensions v3_req -config config.cnf -out my.csr) the decoded CSR will be generated in the same directory.
6- After that you need to encode the CSR base64 and send it to compliance API using it in the body as JSON, in header use the OTP from fatoora portal or fatoora simulation portal based on your config file if it’s for sim or production to receive the CCSID.
After following these steps you will be able to received the CCSID successfully,
On the other hand, our recommendation is to use ZATCA SDK the latest version as it’s working perfectly with no errors, you can download the SDK through Zatca,
ensure that you have the pre requests, for SDK_java version
(install the JDK 11), for .Net(version 8).
Additionally, you can review the readme file in the SDK after successfully download it, for the commands to be used.
Kindly try the suggested solution, and confirm if the issue resolved, If not do not hesitate to reach out our SP mail to schedule meeting if needed.
SP mail: sp_support@zatca.gov.sa
Thanks,
Ibrahem Daoud.
depending on this response it mean that csr value is accepted with first step and remain only to send compliance steps and after sent them we got csr key is invalid how this ?? if there issue with csr we didnt get this response and you know that
I have also sent an email with this response via teqanyco@gmail.com
subject:
for your reference.
thanks Ibrahem for your efforts
I tried again to generate CSR from Zatca .Net SDK lastest Version 3.3.9 but still get same error at the url “https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/production/csids”
The latest CSR I created with base64 format is
csr=“LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ056Q0NBZDBDQVFBd2dZOHhDekFKQmdOVkJBWVRBbE5CTVJZd0ZBWURWUVFMREExS1lXUmtZV2dnWW5KaApibU5vTVVFd1B3WURWUVFLRERqWmhkaXQyTGZZcVNEWmhkaXYyS2ZaaE5tRTJZY2cyWVhaaE5tQjJLMGcyTFBaCmhObUYyS2ZaaGlEWXA5bUUyTFRZc2RpbjJMSFppVEVsTUNNR0ExVUVBd3djUkdWMmFXTmxMVEF3TURBeExUTXcKTURrMU5ERTRNakV3TURBd016QldNQkFHQnlxR1NNNDlBZ0VHQlN1QkJBQUtBMElBQkp1MzNhdklRRjQ5WTVGUQpjV2pEZUlKVGxwbkt0RHhqM29OSXN4bkVQVlMreElFZHJGeXROeWlhbGc4WWxydlBDV2k3YWNPTDRydTliYks2CnVyZVNndlNnZ2Uwd2dlb0dDU3FHU0liM0RRRUpEakdCM0RDQjJUQWtCZ2tyQmdFRUFZSTNGQUlFRnhNVlVGSkYKV2tGVVEwRXRRMjlrWlMxVGFXZHVhVzVuTUlHd0JnTlZIUkVFZ2Fnd2dhV2tnYUl3Z1o4eFFEQStCZ05WQkFRTQpOekV0V21GMFkyRlFUMU44TWkxMk1qVjhNeTFpTmpSaE5USTNOeTFrWm1NeExUUmpOVFF0T0RjMU5pMWlaV001ClptTmxOakEwWTJVeEh6QWRCZ29Ka2lhSmsvSXNaQUVCREE4ek1EQTVOVFF4T0RJeE1EQXdNRE14RFRBTEJnTlYKQkF3TUJERXhNREF4RHpBTkJnTlZCQm9NQmtwaFpHUmhhREVhTUJnR0ExVUVEd3dSMllYWXJkaTMyS2tnMllqWgpndG1JMks4d0NnWUlLb1pJemowRUF3SURTQUF3UlFJaEFORDJwS29WRUxvOUhjeDFqZW5IbGowL0doeXhnNzN4CkZDeFJLMDlEcEpwbEFpQlMzQjJSaTBPRUhEbEhJMzJWdzJ1ZjRaZ1BzRkFnQmpOdk1DdnB5dDRaYVE9PQotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0K”
Please if it works with any one tell use
@Malik_55 @easyaamal @majazuddin
I tried Zatca .NET SDK 3.3.9 with CsrGenerationDto as you used, the CSR I got was different from the one you shared.
static void Main(string[] args)
{
Guid guid = Guid.NewGuid();
CsrGenerationDto csrGenerationDto = new CsrGenerationDto(
"Device - 000001 - 300038065900003",
"1-TAWAIL|2-Version2025|3-" + guid.ToString(),
"300038065900003",
"Riyadh Branch",
"TAWAIL",
"SA",
"1100",
"Riyadh",
"Training")
;
CsrGenerator csrGenerator = new CsrGenerator();
CsrResult result = csrGenerator.GenerateCsr(csrGenerationDto, EnvironmentType.Simulation, false);
string csr = result.Csr;
Console.WriteLine(csr);
}
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0NCk1JSUNCVENDQWF3Q0FRQXdZakVMTUFrR0ExVUVCaE1DVTBFeEZqQVVCZ05WQkFzTURWSnBlV0ZrYUNCQ2NtRnUNClkyZ3hEekFOQmdOVkJBb01CbFJCVjBGSlRERXFNQ2dHQTFVRUF3d2hSR1YyYVdObElDMGdNREF3TURBeElDMGcNCk16QXdNRE00TURZMU9UQXdNREF6TUZZd0VBWUhLb1pJemowQ0FRWUZLNEVFQUFvRFFnQUVMVGQwRzdKOFZUS1oNClVtTEN5amp2eUpkWnlXNFJMTHd3dUk2YjFOd3U0YmttdTQ1cGFWVFI2ZHo0ejhBVVRTOEpLWS9WRHNqQ3IxQU0NCndYNEo1cnozSnFDQjZqQ0I1d1lKS29aSWh2Y05BUWtPTVlIWk1JSFdNQ1FHQ1NzR0FRUUJnamNVQWdRWEV4VlENClVrVmFRVlJEUVMxRGIyUmxMVk5wWjI1cGJtY3dnYTBHQTFVZEVRU0JwVENCb3FTQm56Q0JuREZHTUVRR0ExVUUNCkJBdzlNUzFVUVZkQlNVeDhNaTFXWlhKemFXOXVNakF5Tlh3ekxXVmxObVUzTVRFekxXRmxOVGd0TkRnM1pDMWkNClpUaGtMV1ZsTldZMFpqSXlaakE0T0RFZk1CMEdDZ21TSm9tVDhpeGtBUUVNRHpNd01EQXpPREEyTlRrd01EQXcNCk16RU5NQXNHQTFVRURBd0VNVEV3TURFUE1BMEdBMVVFR2d3R1VtbDVZV1JvTVJFd0R3WURWUVFQREFoVWNtRnANCmJtbHVaekFLQmdncWhrak9QUVFEQWdOSEFEQkVBaUFmMURmZ28xMGNWUjNkWk1OS0RFMlA4T2lJQjdvaU1TaVkNCmJDRk12bkwwL2dJZ0kxckRTaWFVUktTbHNUS2ZVZkhDVW1haUx1cmE1Q0xuRUFmdjdyOU41bVU9DQotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0NCg==
The difference can be seen from your Decoded CSR and the Decoded CSR I obtained.
this your csr
and this mine
Maybe that’s what caused the error.
