ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

API Gateway: Sign CSR - Invalid subject DN: Improperly specified input name

book

Article ID: 187006

calendar_today

Updated On:

Products

CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction

When attempting to sign a certificate in policy manager you receive the error "Invalid subject DN: Improperly specified input name"

Steps to reproduce:

Task –> Certificates, Keys and Secrets –> Manage Private Key –> Select the CA capable key –> Click on Sign Cert –>  Select the CSR file  –> Click OK

Environment

Release : 9.4

Component : API GATEWAY

Resolution

This can occur when non-standard or deprecated fields exist in the subject DN. For example, if EMAILADDRESS is abbreviated as E

Example

C=US,ST=California,L=San Jose,O=Example,OU=Support,[email protected]

Here, the E attribute can generate this error. The CSR should be updated to either use EMAILADDRESS or remove the email attribute.