1

I have a CSR (X509 certificate signing request) that looks like this:

-----BEGIN CERTIFICATE REQUEST-----
13 lines of <base 64>: 12 lines of 64 characters, 
followed by 1 line of 52 characters
-----END CERTIFICATE REQUEST-----

I was told that to verify the CSR, I could use this command:

openssl req -text -noout -verify -in my.csr

but when I run that, I get this error:

unable to load X509 request
4419198400:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: CERTIFICATE REQUEST

I get the same error if I use openssl req -in my.csr -noout -text (leaving out the verify)

If I paste the contents of the file into an online tool (website), the tools I have tried seem to parse it OK, but I would like to be able to do this locally, so I get all the information (the online tools do not tell me everything that is in the CSR). Can someone please tell me how to make this work?

Sara
  • 499
  • 3
  • 8
  • I tested this, and it works for me. Was the CSR created by the same version of `openssl` that you are using to try to parse the CSR? – mti2935 May 26 '21 at 23:01

1 Answers1

1

Turns out the command is correct, and the file looks correct when printed or the text copied and pasted, but apparently the file came from a Windows system and starts with a BOM (Byte Order Mark), and openssl does not like the BOM at the beginning of the line. The problem is shown by the file command output including "(with BOM)"

$ file my.csr 
my.csr: UTF-8 Unicode (with BOM) text

Once I edited the file as suggested here to remove the BOM

vim -c "set nobomb" -c wq my.csr

then the command in the post worked.

Sara
  • 499
  • 3
  • 8