I created CSR file eidas.csr following content
oid_section = OIDs
[ req ]
distinguished_name = dn
prompt = no
[ OIDs ]
OrganizationID=2.5.4.97
[ dn ]
O=Enable Banking Oy
L=Espoo
C=FI
OrganizationID=PSDFI-FINFSA-29884997
CN=enablebanking.com
I run the following command:
openssl req -new -config eidas.conf -keyout eidas.key -out eidas.csr
and I get the following error:
problem creating object OrganizationID=2.5.4.97
140676474279104:error:08064066:object identifier routines:OBJ_create:oid exists:../crypto/objects/obj_dat.c:709:
error in req
First PC: OpenSSL 1.1.1d 10 Sep 2019
Operation System: Distributor ID: Kali Description: Kali GNU/Linux Rolling Release: 2020.1 Codename: kali-rolling
Second PC: OpenSSL 1.1.1h 22 Sep 2020 Operation System: Windows 10 Pr
HOWEVER, if I Change Oid declaration Line 2.5.4.97 whit 1.2.3.4 this succeeds
In newer openssl version OID 2.5.4.97 is reserved for organizationIdentifier, so you can change your eidas.conf to the following and it should work.
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
O=Enable Banking Oy
L=Espoo
C=FI
organizationIdentifier=PSDFI-FINFSA-29884997
CN=enablebanking.com
Also not the values in [ dn ] section. Apparently you copied eidas.conf from https://enablebanking.com/blog/2020/01/13/how-to-generate-eidas-certificate/ and there the value were given just as an example and probably you would want to change them to describe your own organization, location and domain (although for psd2 sandboxes any values are likely to work).