The provided Certificate Signing Request (CSR) is invalid

Onboarding, renewal and revocation
1

I got the following Error issuing a production certificate: {“errorCode”:“400”,“errorCategory”:“Invalid-CSR”,“errorMessage”:“The provided Certificate Signing Request (CSR) is invalid.”}

However when i test CSR in developer portal it generate PCSID successfully

2

Dear @malqabbani ,

Did you test in the API Integration Sandbox? if so, kindly note that the data in the sandbox is dummy data that you should not rely on. However, it seems that your problem is in the config file, are you sure about the data provided in the config file? are you using the same VAT number that you used to access fatoora portal?

1 Like
3

one of the reasons is that you pass a command to issue a compressed key…don’t use compress

4

@lalomar This error is showed with me on simulation portal , first i generate the otp in simulation portal then i generate the CSR and i checked online and it is valid then i use it go get the compliance CSID successfully and compliance invoice but when come to production CSID step it give me this error

5

Dear @malqabbani,

Many thanks for sharing such an information.

You are receiving such an error because of a mistake in generating your CSR for simulation, please ensure performing next steps to solve this issue:

Re-generate a Certificate Signing Request (CSR):**

  • Ensure taking simulation requirements in consideration:
    • OpenSSL: Set CertificateTemplateNameASN1 in “CNF” configuration file to PRINTABLESTRING:PREZATCA-Code-Signing
    • SDK Command: Include -sim before the command for generating the CSR if you are using SDK for CSR generation.

  1. Ensure using right endpoints for “simulation” which can be found on fatoora portal user manual

  2. Re-do the same process with a new “OTP” that obtained from fatoora “simulation” portal

Although simulation is a replica to the production environment, they are still independent environments, so please consider simulation requirements when generating the CSR.

Please confirm when the issue is fixed, should you require any further information, please don’t hesitate to reach out.

6

@Aturkistani Thanks alot, it works well

7

We faced similar issue but the issue is because of the length of the data.
Our device name was 25 char long which resulted in this error when requesting prod CSID.

But this should have been validated by zatca before issuing CSID or atleast during compliance checks.