POPO verification failed - BAD_REQUEST_SIGNATURE (wsdl) #602
Replies: 1 comment 3 replies
-
|
POPO is proof-of-possession yes. If that fails it is likely due to an invalidly encoded CSR. I.e the JS code is not ASN.1 ancoding the CSR correctly. Are they for example using multi-value RDNs in that CSR? It's known that that causes invalid CSRs to be generated by some tools. |
Beta Was this translation helpful? Give feedback.
-
|
i.e. the JS library need to be fixed, or they need to tweak CSR generation for the JS library to be able to generate a proper CSR. |
Beta Was this translation helpful? Give feedback.
-
|
Indeed, the adjustment was made in the way of creating pkcs10 (pkijs node) |
Beta Was this translation helpful? Give feedback.
-
|
Excellent. |
Beta Was this translation helpful? Give feedback.
-
Hi.
Debian 12 amd64
EJBCA: ejbca_ce_8_2_0_1 (from git https://github.com/Keyfactor/ejbca-ce)
JAVA: java-11-openjdk-amd64
Wildfly: wildfly-26.0.0.Final - MariaDB.
I Used wsdl Why we developed our own ra module.
addUser and Pkcs10Request wsdl functions work without problems (testing with curl and soap data xml)
But when they send the request with a JS that they are using, we have the following error:
ERROR [org.ejbca.core.protocol.ws.EjbcaWS] (default task-40) POPO verification failed.
Log SOAP: BAD_REQUEST_SIGNATURE
I assume it may be how they are sending the data with the pkcs10Request function.
POPO is proof-of-possession?
Thanks.
PD: The developers are using a JS library so that the user can create the pkcs10 in the portal and the private key is saved in a USB token
Beta Was this translation helpful? Give feedback.
All reactions