Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot read key length from csr #805

Closed
phelgren opened this issue Apr 23, 2017 · 5 comments
Closed

Cannot read key length from csr #805

phelgren opened this issue Apr 23, 2017 · 5 comments

Comments

@phelgren
Copy link

phelgren commented Apr 23, 2017
edited by Neilpang
Loading

I didn't know if I should add this as a comment or start a new issue. This continues to be an issue with my particular OS version. I had used acme.sh back in October to get a certificate and that certificate has expired. Since I am doing a presentation on this very subject using acme.sh I decided to start from scratch to document the steps. In my particular case I cannot have acme.sh generate the csr so I started with a csr and then ran this command:
(with debug info)

bash-4.2$ acme.sh --debug 2 --showcsr  --csr  ~/certs/csr/petesworkshop.csr
[Sun Apr 23 14:19:12 CDT 2017] Using config home:/home/PETE/.acme.sh
[Sun Apr 23 14:19:12 CDT 2017] LE_WORKING_DIR='/home/PETE/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.6.9
[Sun Apr 23 14:19:12 CDT 2017] Using config home:/home/PETE/.acme.sh
[Sun Apr 23 14:19:14 CDT 2017] Subject=Petes Workshop
[Sun Apr 23 14:19:15 CDT 2017] _csrsubj='Petes Workshop'
[Sun Apr 23 14:19:16 CDT 2017] _dnsAltnames
[Sun Apr 23 14:19:17 CDT 2017] AltNames doesn't contain subject
[Sun Apr 23 14:19:17 CDT 2017] _csrdomainlist
[Sun Apr 23 14:19:17 CDT 2017] SubjectAltNames=
[Sun Apr 23 14:19:18 CDT 2017] _outcsr='Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=US, ST=Texas, L=San Antonio, O=Value Added Software, CN=Petes Workshop
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a7:94:7d:35:ce:51:6e:1c:e3:4b:7e:61:0d:4b:
                    f6:ca:20:17:cc:f4:a3:43:1c:3a:8d:b2:fe:dc:81:
                    c2:33:7c:58:e7:91:1c:d4:ff:2e:4a:8c:c5:e5:45:
                    59:74:a5:02:d0:cd:96:f1:df:24:9a:2b:b3:39:1c:
                    2d:8e:d4:09:34:0a:3f:11:aa:50:88:14:dd:f1:55:
                    aa:19:93:06:78:15:70:65:cc:80:49:9b:56:43:d0:
                    ba:bb:15:c2:92:79:2a:d4:35:a6:4a:f3:3a:5b:03:
                    b7:c9:2e:ae:05:ae:02:a9:ff:87:76:a3:78:72:bc:
                    3c:f8:4d:7d:a3:83:c1:af:7f:83:32:70:9c:4f:c9:
                    bb:87:72:4d:c5:d7:48:7b:57:e3:0d:64:51:31:f4:
                    84:44:46:75:b0:50:6e:1a:01:60:af:f9:fd:28:bc:
                    19:50:6d:74:d8:77:e9:d2:7b:d1:f0:85:ba:f4:fa:
                    86:91:73:f2:ef:ed:db:33:7e:da:7f:71:23:dc:cf:
                    b4:f5:e5:28:fe:dc:0b:f2:d8:b6:4c:fb:8c:95:3e:
                    cd:6a:45:05:f1:96:94:4b:58:06:31:4d:35:5e:3c:
                    e5:60:49:16:19:28:4a:59:81:c1:b5:5a:e4:4c:4e:
                    6b:3c:6f:ad:cb:67:a0:5f:1d:cc:c2:18:c6:12:36:
                    ed:1b
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha1WithRSAEncryption
         58:8a:e8:2d:7e:06:17:de:39:06:25:9b:9c:df:e5:16:b4:e3:
         e4:7a:c4:b8:b4:b5:94:b5:da:d3:e9:90:01:78:c6:18:16:71:
         9d:fa:2d:e0:19:e7:46:7c:a5:da:37:b9:ca:05:c2:bf:9b:b3:
         47:04:de:5d:02:c0:8c:94:9d:55:68:45:65:a4:73:39:6e:83:
         ee:f4:28:3a:c3:23:bf:c6:12:e0:f9:80:c0:04:7c:40:65:e4:
         d7:cd:9f:89:e9:db:a4:a9:75:70:33:c3:ce:6a:73:47:71:87:
         a7:01:13:5c:82:52:63:5c:e7:64:b6:54:ee:eb:52:86:74:86:
         5a:64:32:d9:d5:1e:64:d3:80:19:2a:3d:d9:21:b4:ed:3c:cb:
         61:b7:eb:ec:e0:92:b0:f4:7a:77:30:b1:1e:cf:47:de:17:64:
         75:e1:75:65:6b:dd:81:07:c0:fe:dc:e2:fc:9e:e4:e7:42:7b:
         0b:06:a8:33:67:e2:fe:9e:46:9c:60:4d:95:8b:61:08:cf:71:
         4f:5d:c2:9c:c8:45:23:ee:da:4a:ab:f4:91:9b:dc:5d:81:1a:
         b2:12:e3:6a:1d:ca:2c:0c:9e:1e:11:d9:d9:c4:32:b9:36:45:
         25:8e:11:d0:4b:35:61:a8:4a:c1:a6:cf:42:8b:4b:c1:d1:87:
         d6:5c:48:ea'
[Sun Apr 23 14:19:18 CDT 2017] RSA CSR
[Sun Apr 23 14:19:19 CDT 2017] Can not read key length from csr: /home/PETE/certs/csr/petesworkshop.csr

I did upgrade to the latest dev branch

I verified that the CSR is correctly formatted.

This particular OS is an AIX runtime running on IBM i (sometimes referred to as OS/400). This did run without issue in October so I am not sure what has changed. something with grep I suspect
@Neilpang
Copy link
Member

Please paste the --debug 2 log when you use --issue command.

I will check it soon.

Thanks.

@phelgren
Copy link
Author

phelgren commented Apr 24, 2017
edited by Neilpang
Loading 

bash-4.2$ acme.sh --debug 2 --signcsr  --csr  ~/certs/csr/petesworkshop.csr -w /                                                                                        www/petes/htdocs
[Mon Apr 24 11:19:38 CDT 2017] Using config home:/home/PETE/.acme.sh
[Mon Apr 24 11:19:38 CDT 2017] LE_WORKING_DIR='/home/PETE/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.6.9
[Mon Apr 24 11:19:38 CDT 2017] Using config home:/home/PETE/.acme.sh
[Mon Apr 24 11:19:40 CDT 2017] _csrsubj='www.petesworkshop.com'
[Mon Apr 24 11:19:41 CDT 2017] _csrsubj='www.petesworkshop.com'
[Mon Apr 24 11:19:42 CDT 2017] _dnsAltnames
[Mon Apr 24 11:19:42 CDT 2017] AltNames doesn't contain subject
[Mon Apr 24 11:19:43 CDT 2017] _csrdomainlist
[Mon Apr 24 11:19:43 CDT 2017] _outcsr='Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=US, ST=Texas, O=Value Added Software, CN=www.petesworkshop.co                                                                                        m
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a6:84:cf:b4:21:32:e0:51:0e:12:4d:81:48:f5:
                    0d:cc:7c:60:43:20:59:a8:04:ec:1d:2c:44:7b:f7:
                    bf:41:3b:f7:3a:0a:52:e2:50:9b:af:93:99:e0:78:
                    1f:df:20:f7:67:31:a0:59:9a:ee:47:0b:32:5e:00:
                    9d:11:7c:4c:9e:c5:6b:6e:35:8c:3d:96:f4:76:f6:
                    09:73:72:8c:c0:a1:81:5b:e1:9c:50:b4:65:fc:48:
                    5f:68:79:a1:d6:79:bb:cd:11:9c:e6:53:9a:0a:41:
                    35:25:fa:85:cf:20:69:2d:85:ad:66:2d:02:bf:6a:
                    e6:2a:37:38:ee:31:30:b6:2f:23:8a:e1:53:1e:55:
                    0c:83:55:74:02:1a:e1:38:11:ac:80:68:9e:3b:23:
                    81:30:3c:50:39:43:a8:50:0b:2a:5d:7b:b8:ea:7d:
                    31:75:9e:5e:d3:13:19:4d:39:7c:e6:98:73:75:4b:
                    04:99:9c:f8:69:fe:bf:77:64:fc:e0:22:f8:98:8d:
                    41:71:e5:84:c9:1b:db:5a:a9:90:04:45:c6:63:33:
                    e0:78:34:50:25:24:a7:d8:58:c6:39:a5:d4:e4:09:
                    d1:6f:40:18:9b:d0:04:c4:e0:f3:6d:03:d0:2c:08:
                    79:14:72:3b:0b:a4:fb:3e:3d:46:bc:16:9a:d8:0b:
                    84:81
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha1WithRSAEncryption
         05:35:3b:88:94:61:08:aa:79:86:01:dc:79:b4:17:5d:8f:71:
         9d:72:0a:d5:79:7b:7d:f3:94:03:a0:38:2e:b0:3f:32:a5:6f:
         cb:3e:ce:f3:8b:53:d7:f8:f8:4e:ab:85:37:5a:da:9f:6b:16:
         26:8b:9c:df:a7:47:b5:54:01:83:00:b2:51:4a:32:86:81:ef:
         59:5a:d9:2e:8e:5a:2e:d8:67:d2:e1:c6:40:4e:42:6b:b8:5a:
         b5:41:48:77:dd:12:b9:c5:f9:64:02:86:4f:4e:05:ce:c1:c9:
         3e:3d:4a:56:a4:60:8b:5c:f1:1d:63:64:a2:fa:34:9e:65:6e:
         bf:01:f3:61:e3:db:6a:49:39:58:87:ec:28:cb:45:ff:df:48:
         3b:13:3b:ec:6f:4b:2f:10:eb:32:12:2e:c7:5c:30:a1:9e:50:
         69:33:43:2e:f3:0e:b9:0e:f2:ec:0b:d6:59:15:b0:72:7d:d1:
         3b:36:3f:a4:4b:90:a8:c6:49:4e:51:43:29:3d:19:79:72:6e:
         9d:e7:3b:53:1a:38:dd:67:b7:78:a3:c4:eb:8e:a0:c8:1b:83:
         d0:57:d4:e3:f9:06:8b:9a:9d:c3:b8:3a:0c:1a:7d:22:50:c7:
         dd:4c:2e:c4:a3:f9:45:63:8c:ec:2e:94:5f:00:6b:a9:c9:d7:
         1b:c3:91:31'
[Mon Apr 24 11:19:44 CDT 2017] RSA CSR
[Mon Apr 24 11:19:45 CDT 2017] Can not read key length from csr: /home/PETE/cert                                                                                        s/csr/petesworkshop.csr

@Neilpang
Copy link
Member

I just made a fix for you.
Please install the aix branch and try again.

export BRANCH=aix
acme.sh --upgrade

@Neilpang
Copy link
Member

Hi @phelgren

How is going on ?

Neilpang pushed a commit that referenced this issue Jun 18, 2017
check invalid subject cn in the csr
2c9ed4c 
fix #805
Neilpang pushed a commit that referenced this issue Jun 18, 2017
Merge pull request #891 from Neilpang/aix
d68f099 
fix #805
@phelgren
Copy link
Author

Sorry I was so late in getting back. I had to switch to using a Java-based ACME client for my presentation because your patch didn't change the outcome. I still get the same error after running the --upgrade. I just reran the upgrade and tried to run the same command and I still get the same error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@phelgren @Neilpang