Failed, csr and cert mismatch

book

Article ID: 192123

calendar_today

Updated On:

Products

API MANAGEMENT SAAS CA API Management SaaS

Issue/Introduction

When following procedure https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-developer-portal/saas/set-up-and-maintenance/set-up-custom-domain-names.html.

We can create CSR but when uploading it  fails with error message 'Failed, csr and cert mismatch'

As per the requirement the ST( state_or_province_name)  field in the certificate is empty. Is there any way to disable that ST field , or is there another reason why it is failing?

Cause


When generating the CSR the state_or_province_name was given as "state_or_province_name"=null

Environment

Release : 4.3.2

Component : API MANAGEMENT SAAS

Resolution


The standard way to not include any attribute in a certificate is to provide period i.e "." value instead of "null" . If you use null it will consider it as a value.
You can use below commands for your reference. Try to include the . value in place of state value in the curl command.

Commands to generate csr and private keys.

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

Command to list the cert details in private key

openssl req -noout -text -in server.csr