Tags: openssl, ssl-certificate, self-signed, psd2

OpenSSL Error in Req when generating self-signed certificate


I created the CSR file eidas.csr with the following content:

    oid_section = OIDs

    [ req ]
    distinguished_name = dn
    prompt = no

    [ OIDs ]
    OrganizationID=2.5.4.97

    [ dn ]
    O=Enable Banking Oy
    L=Espoo
    C=FI
    OrganizationID=PSDFI-FINFSA-29884997
    CN=enablebanking.com

I run the following command:

    openssl req -new -config eidas.conf -keyout eidas.key -out eidas.csr

and I get the following error:

    problem creating object OrganizationID=2.5.4.97
    140676474279104:error:08064066:object identifier routines:OBJ_create:oid exists:../crypto/objects/obj_dat.c:709:
    error in req

First PC: OpenSSL 1.1.1d 10 Sep 2019

Operating System: Distributor ID: Kali, Description: Kali GNU/Linux Rolling, Release: 2020.1, Codename: kali-rolling

Second PC: OpenSSL 1.1.1h 22 Sep 2020, Operating System: Windows 10 Pr

However, if I replace 2.5.4.97 with 1.2.3.4 in the OID declaration line, this succeeds.


Solution

  • In newer OpenSSL versions, OID 2.5.4.97 is reserved for organizationIdentifier, so you can change your eidas.conf to the following and it should work.

    [ req ]
    distinguished_name = dn
    prompt = no
    
    [ dn ]
    O=Enable Banking Oy
    L=Espoo
    C=FI
    organizationIdentifier=PSDFI-FINFSA-29884997
    CN=enablebanking.com
    

    Also note the values in the [ dn ] section. Apparently you copied eidas.conf from https://enablebanking.com/blog/2020/01/13/how-to-generate-eidas-certificate/, where the values were given just as an example, and you would probably want to change them to describe your own organization, location and domain (although for PSD2 sandboxes any values are likely to work).
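
Added example, not part of the answer above: a shell check that builds a CSR from the corrected config and reads organizationIdentifier back out of the CSR subject, so a name the OpenSSL build does not recognise fails before the request is sent to a CA. It assumes an OpenSSL build that already knows organizationIdentifier (as 1.1.1d and 1.1.1h on this page do); the function names and the use of `-nodes` are choices made here, and the DN values are the sample ones from the page.

```shell
#!/bin/sh
# Added example (not from the original post).

# make_eidas_csr DIR ORG_ID
# Writes eidas.conf, eidas.key and eidas.csr into DIR using the built-in
# organizationIdentifier name instead of redefining OID 2.5.4.97.
make_eidas_csr() {
    dir=$1
    org_id=$2
    cat > "$dir/eidas.conf" <<EOF
[ req ]
distinguished_name = dn
prompt = no

[ dn ]
O=Enable Banking Oy
L=Espoo
C=FI
organizationIdentifier=$org_id
CN=enablebanking.com
EOF
    # -nodes leaves the private key unencrypted so the run is non-interactive;
    # drop it to be prompted for a passphrase, as the original command does.
    # umask 077 keeps the key file readable by the current user only.
    (umask 077 && openssl req -new -config "$dir/eidas.conf" -nodes \
        -keyout "$dir/eidas.key" -out "$dir/eidas.csr" 2>/dev/null)
}

# csr_org_id CSR
# Prints the organizationIdentifier value found in the CSR subject, or
# nothing if the attribute is absent.
csr_org_id() {
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *organizationIdentifier *= *//p'
}

# Demo run in a throwaway directory.
tmp=$(mktemp -d) && make_eidas_csr "$tmp" "PSDFI-FINFSA-29884997" &&
    echo "organizationIdentifier in CSR: $(csr_org_id "$tmp/eidas.csr")"
rm -rf "$tmp"
```

An empty result from `csr_org_id` means the attribute did not make it into the subject and the config should be rechecked.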