SIGNIFLOW

Discover our signature platform: sign and request signature for your PDFs in a fex clicks!

JOIN OUR AFFILIATE NETWORK

Join our affiliate network
and become a local SSL expert
Learn more about our program

PRODUCTS TO DISCOVER

SSL certificates Invoice signature eIDAS certificates Signature software

Menu
picture of tbs certificates
picture of tbs certificates
Certificates
ALL CERTIFICATES
SSL Extended Validation SSL Standard RGS certificates eIDAS certificates SSL ECC SSL wildcard SSL Multiple sites / SAN Quick and Dirty SSL
Specific certificates VMC certificates
E-signature Strong authentication S/MIME certificates
Test certificates PKI Solutions Trust Seals
SigniFlow: the platform to sign and request signature for your documents
Signature software
Our products range
TBS X509 DigiCert Thawte Sectigo GlobalSign GeoTrust Certigna ChamberSign SigniFlow Harica
Partners
Client login Customer accounts Open an account
Support
FAQ SHA256: Browsers' compatibility ECC: Browsers' compatibility
Focus
Invoices dematerialization
We now provide solutions compliant with RGS** and eIDAS qualified standards for invoices signature and time stamping. Further information


CSR analysis failed

While placing your order, you may encounter this kind of error message: CSR analysis failed.

CERTIFICATE REQUEST

Make sure the chain of characters you have pasted in the order form looks like: 

-----BEGIN CERTIFICATE REQUEST-----
t9iZCa9PobnjK8j6FQz0MH1LLiLvCzLQAtcipm8DDT4H8q5M0F7+xWbQZuTiZYCg
...
MFoXDTEyMDUwNTIzNTk1OVoweTELMAkGA1UEBhMCRlIxFjAUBgNVBAgTDUlsZS1k
-----END CERTIFICATE REQUEST-----


If not, the file is not the one expected.

Renewal under IIS7

A CSR generated by Microsoft Internet Information Server for a renewal may cause an analysis error in our interface. Indeed, Microsoft Technet explains that this procedure should only be used for the renewal of Microsoft self-signed certificates.

for a IIS7 server, we advise to follow the procedure described here, even for a renewal:
http://www.tbs-certificats.com/FAQ/en/447.html

Convert the renewal request generated by IIS7
Certificate Request #PKCS7 - DER to CSR in #PKCS10 format - PEM

If you absolutely need to used the file generated for a IIS internal renewal, you'll have to extract the CSR in #PKCS10 format from the #PKCS7 format used by Microsoft.
To do so, here is the command to execute with OpenSSL:

openssl asn1parse -in file-iis7.csr -strparse $(openssl asn1parse -in file-iis7.csr | grep -A2 ':pkcs7-data'|tail -1|cut -d: -f1) -out /dev/stdout -noout | openssl req -inform DER -out file-csr-pem.csr

On Windows environments, you'll have to proceed in several steps:

  • Display the file structure: 
    openssl asn1parse -in file-iis7.csr -i


    This command must display lines as below. spot:
    ":pkcs7-data",
    then:
    "58:d=5 hl=4 l=1870 prim: OCTET STRING [HEX DUMP]:3082074A..."
     0:d=0  hl=4 l=3391 cons: SEQUENCE          
    4:d=1  hl=2 l=   9 prim:  OBJECT            :pkcs7-signedData
   15:d=1  hl=4 l=3376 cons:  cont [ 0 ]        
   19:d=2  hl=4 l=3372 cons:   SEQUENCE          
   23:d=3  hl=2 l=   1 prim:    INTEGER           :01
   26:d=3  hl=2 l=  11 cons:    SET               
   28:d=4  hl=2 l=   9 cons:     SEQUENCE          
   30:d=5  hl=2 l=   5 prim:      OBJECT            :sha1
   37:d=5  hl=2 l=   0 prim:      NULL              
   39:d=3  hl=4 l=1889 cons:    SEQUENCE          
   43:d=4  hl=2 l=   9 prim:     OBJECT            :pkcs7-data
   54:d=4  hl=4 l=1874 cons:     cont [ 0 ]        
   58:d=5  hl=4 l=1870 prim:      OCTET STRING      [HEX DUMP]:3082074A30


  • Spot the line number, in our example: 58
    You can then extract the DER CSR.

    openssl asn1parse -in file-iis7.csr -strparse 58 -out csr.der


  • Finaly, convert the DER encoded CSR into PEM #PKCS10 format:
    openssl req -inform der -in csr.der -out mynewcsr.csr