search cancel

API Gateway: Sign CSR - Invalid subject DN: Improperly specified input name


Article ID: 187006


Updated On:


CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway


When attempting to sign a certificate in policy manager you receive the error "Invalid subject DN: Improperly specified input name"

Steps to reproduce:

Task –> Certificates, Keys and Secrets –> Manage Private Key –> Select the CA capable key –> Click on Sign Cert –>  Select the CSR file  –> Click OK


Release : 9.4

Component : API GATEWAY


This can occur when non-standard or deprecated fields exist in the subject DN. For example, if EMAILADDRESS is abbreviated as E


C=US,ST=California,L=San Jose,O=Example,OU=Support,[email protected]

Here, the E attribute can generate this error. The CSR should be updated to either use EMAILADDRESS or remove the email attribute.