SSL certificate cannot be purchased due the errors caused by the e-mail address. We are trying to buy SSL certificate for an account by using '
upload CSR' option in the store. The email address field is blank, but the CSR contains the email address.
Here is the OpenSSL output for CSR generated by PBAS:
~# openssl req -in PBAS_CSR -text Certificate Request: Data: Version: 0 (0x0) Subject: emailAddressfirstname.lastname@example.org, C=PT, L=City, ST=State, OU=IT, CN=mail.domain.tld, O=Organization
PBAS expects "
emailAddress" tag to be inside CN (common name), for instance please check the output for a valid test request:
~# openssl req -in VALID_CSR -text Certificate Request: Data: Version: 0 (0x0) Subject: C=PT, ST=Lisboa, L=Lisboa, O=Parallels, OU=FHGSS, Lda, CN=test.com/emailAddressemail@example.com
Position of "
emailAddress" is different, it is within CN here as expected.
Thus, with the CSR provided, PBAS cannot extract the needed "
emailAddress", and despite the email address itself is ok.
Such behavior is considered to be a software issue:
PBAS-28937 - The invalid Email address is found in the CSR file, when buying the SSL certificate in the store
The issue is fixed since PBAS version 4.5.3
Upgrade PBA-S to the latest version.