Endpoint Encryption

 View Only

  • 1.  PGP Command Line produces invalid CSR

    Posted Mar 12, 2015 01:05 AM
    1. downloaded a trial version of PGP CommandLine from the Symantec website for Win7 (64 bits) to a personal lap-top;
    2. activated with the 30days trial licence key Symantec sent; and
    3. generated a CSR for my person. 

    CSR fails validation on https://ssltools.websecurity.symantec.com/checker/views/csrCheck.jsp And the Certificate Information only shows the first character of each parameter (example parameters)

    --common-name "falan filan"
    --country AU
    --state "New South Wales"
     
    tried parameters with single quotes, double quotes, no quotes, saved in a batch file; repeated the process on WinXP with the same outcoe, each time.
     
    What am I doing wrong?
     
    You have 2 errors
    Common name is a hostname.
    The common name in your CSR is a hostname which does not meet CA/Browser Forum requirements. Instead, use a fully-qualified domain name and try again.
    Country code not recognized.
    The country in your CSR is invalid. Enter a valid country and try again.
     
    Certificate information
    Common name:
     f
     
    Organization:
     C
    Organizational unit:
     O
    City/locality:
     S
    State/province:
     N
    Country:
     A
     


  • 2.  RE: PGP Command Line produces invalid CSR

    Broadcom Employee
    Posted Apr 13, 2015 07:09 AM

    Hi,

    Can you paste to test the full pgp commad line syntax which you used to generate a CSR including version of the PGP Command line used.

     



  • 3.  RE: PGP Command Line produces invalid CSR

    Posted Apr 13, 2015 06:26 PM

    pgp --export FatcaTestKey --export-format csr --passphrase "xxxx" --common-name "cba.com.au" --organization "Commonwealth Bank of Australia" --organizational-unit "Business System Hosting " --city SYDNEY --state "New South Wales" --country "AU" --contact-email "xxxx" --output "d:\work\pgp\testfatca.csr"



  • 4.  RE: PGP Command Line produces invalid CSR

    Broadcom Employee
    Posted Apr 14, 2015 11:03 AM
      |   view attached

    Hi,

    Run a quick test on PGP Command line (on Linux ) which has got a full license. Can try test as well on Windows PGP CL.

    Here what I am having:

    [root@keys1 /]# /opt/pgp/bin/pgp --version
    PGP Command Line 10.3.2 build 12268

    [root@keys1 /]# /opt/pgp/bin/pgp --export adam  --export-format csr --passphrase xxxxx  --common-name "cba.com.au" --organization "Commonwelath Bank of Australia" --organizational-unit "Business System Hosting" --city Sydney --state "New South Wales" --country  "AU" --contact-email test@test.com --output "/tmp/cert.csr"
    0x81651FE2:export key (0:key exported to /tmp/cert.csr)

    See attached file


     

     



  • 5.  RE: PGP Command Line produces invalid CSR

    Posted Apr 14, 2015 06:47 PM

    Thanks Adam,

    we don't dispute that it works on Linux, but we don't have that. We need to run PGP CL on Windows XP (SP3). The problem occurs with Windows XP. We also tried on Windows 7; same result (the certificate couldn't be used).

    Can you try on one of those OSs?

     

    Thanks/regards

     

    MT



  • 6.  RE: PGP Command Line produces invalid CSR

    Broadcom Employee
    Posted Apr 15, 2015 07:22 AM
      |   view attached

    Hi Tinazmu,

    Tested on Windows x64 and I can confirm this issue. Quickly checked if we have got any bug open for this but was not able to find. Let me try to verifyand investigate this further and come back to you...

    C:\Program Files (x86)\PGP Corporation\PGP Command Line>hostname
    win7x64

    C:\Program Files (x86)\PGP Corporation\PGP Command Line>pgp --version
    PGP Command Line 10.3.2 build 12292
    Copyright (C) 2014 Symantec Corporation. All rights reserved.
    All rights reserved.
    Use of this product is subject to license terms.
    This Symantec product may contain open source and other third party materials
    that are subject to a separate license. Please see the applicable Third Party
    Notice at http://www.symantec.com/about/profile/policies/eulas/.

     

    C:\Program Files (x86)\PGP Corporation\PGP Command Line>pgp --list-keys
     Alg  Type Size/Type Flags   Key ID     User ID
    ----- ---- --------- ------- ---------- -------
    *RSA4 pair 2048/2048 [VI---] 0x9FC2E679 User1
    1 key found

    C:\Program Files (x86)\PGP Corporation\PGP Command Line>pgp --export User1 --exp
    ort-format csr --passphrase xxxxxxx  --common-name "cba.com.au" --organizatio
    n "Commonwelath Bank of Australia" --organizational-unit "Business System Hostin
    g" --city Sydney --state "New South Wales" --country  "AU" --contact-email test@
    test.com --output "c:\users\user1\desktop\cert_winx64.csr" -v
    pgp:export key (3157:current local time 2015-04-15T09:02:37+02:00)
    C:\Users\user1\Documents\PGP\pubring.pkr:open keyrings (1006:public keyring)
    C:\Users\user1\Documents\PGP\secring.skr:open keyrings (1007:private keyring)
    0x9FC2E679:export key (0:key exported to c:\users\user1\desktop\cert_winx64.csr)


    C:\Program Files (x86)\PGP Corporation\PGP Command Line>

     



  • 7.  RE: PGP Command Line produces invalid CSR

    Broadcom Employee
    Posted Apr 16, 2015 05:11 AM

    Hi Tinazmu,

    After trying to run some more tests on this command, reshuffle the syntax, using also as per documetation a recommeded --subkey switch I am still getting parsring/decode issue. I did not test an earlier version of the PGP Command line on Windows 7 (both 32 and 64 bits) but will do it for shortly forr the testing purposes.

    Currently if you are entitled to Symantec Support I strongly advice you to open a case and you can reference this forum thread including my name Adam G.

    This is most probably a BUG/defect.

    Thank you.