The provided Certificate Signing Request (CSR) is invalid. - What am I missing?

FATOORA portal and Simulation portal
1

I am trying to compliance with the ZATCA simulation,

using this endpoint ,
https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/compliance

and using this cnf:

oid_section = OIDs
[ OIDs ]
certificateTemplateName= 1.3.6.1.4.1.311.20.2

[ req ]
default_bits = 2048
emailAddress = it@example.sa
default_md = sha256
prompt = no
distinguished_name = dn
req_extensions = req_ext

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment

[ req_ext ]

certificateTemplateName = ASN1:UTF8String:PREZATCA-Code-Signing
subjectAltName = dirName:alt_names

[ dn ]
CN=POS487 # Common Name (often EGS / device id; align with portal)
O=INDEPENDENT FOOD COMPANY LTD # Organization Name
OU=INDEPENDENT FOOD COMPANY LTD # Organization Unit / branch name
C=SA # Country

[alt_names]
SN=1-Taxilla|2-IFCLSIM|3-0611240122 # EGS Serial Number 1-ABC|2-PQR|3-XYZ
UID=310096252500003 # Organization Identifier (VAT Number)
title=0100 # Invoice Type
registeredAddress=Riyadh # Address
businessCategory=Restaurant # Business Category

[tried more, but got it from here - another convo]

but the zatca sends me,

{
“httpStatus”: 400,
“ok”: false,
“body”: {
“errorCode”: “400”,
“errorCategory”: “Invalid-CSR”,
“errorMessage”: “The provided Certificate Signing Request (CSR) is invalid.”
}
}

can I know what am i missing here?

3

Hello @17arnob
Could you please let me know which version of OpenSSL you’re currently using? Thanks!

4

Thanks for your reply, I am currently using OpenSSL 3.5.4 30 Sep 2025 (Library: OpenSSL 3.5.4 30 Sep 2025)

5

Please go ahead and download version 3.0.19.

1 Like