node.jsopensslgoogle-clientcertificate-authorityder

Can't create google CA certificate via google client library


Getting an error error parsing CSR: ToCertificateRequest: nil DER when decoding PEM

The same CSR works when using the gcp console

3 INVALID_ARGUMENT: error parsing CSR: generic:
:invalid_argument: error parsing CSR: ToCertificateRequest: nil DER when decoding PEM: 
-----BEGIN CERTIFICATE REQUEST-----\n      
MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx\n      
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN\n      
AQEBBQADggEPADCCAQoCggEBALkC6uLhfZbLJRWByF4McIxcrCVV+AaCjLhj9qjk\n      
OdmW4zYcIaRgjSnz6tqEd7IF7ne6VS/Q6gzYp9MDjIiX8aauteOBD55YprE9tnI9\n      
6K6TQv4qwyP+t8ktN34qmrLhxXSdH5zPaUGRR6wPvMkttgF5yxgLnUshyQuMbleK\n      
P7ycwiJ/z9gvyPbqvThPo0dbt8fVcpzzR6ChfPKYoiRsdTqCHVfN3B8ZG3vh99rl\n      
Q5fTBbLEXD/OKoMjvXw/ZLC3FpwmLMdkFj5LbVEsQHuc8/YNH4wm/VsTNQ7ytQMo\n      
lc2rskmS941Tc8f5eaYA1IF3cmukQyUm5+eI7ziucb2UDPcCAwEAAaAAMA0GCSqG\n      
SIb3DQEBCwUAA4IBAQBpkSmxo8dCEuBbYIuzpV7aAHyF+xX9pxPNrzLBvK5fgUpy\n      
tu2ym8iSiIcxAqfrCJ9AETtZ+GkYEfxH+zngCDXKkPpi8ggDOllYO7pSKQTJJQXz\n      
s/lueYGNFe5UCJdUCv9OBei+pH64ypp2f64ldRdZzJcmZuH0Fuc1MxCGvhOSIlKG\n      
PDaMKOwL4VVvbBeRyoaag8MgZZgBaVKIQsN6vNVmluKUoFkf0L5vtuaICpxU3tPK\n      
v4kJaOQR3eGWiNmn7X+jaDptlEaER9WDxDscjEabqKJdqZtKWkXo7FASWoLTOmun\n      
KsSyBpVO3AAmurlrzZA/lFb229dkV59zeLmruz4g\n      
-----END CERTIFICATE REQUEST-----

Environment details

Steps to reproduce

  1. Generate a csr using openssl openssl req -newkey rsa:2048 -keyout PRIVATEKEY.key -out MYCSR.csr
  2. cat MYCSR.csr
  3. Send that csr in a createCertificate request:
  return await client.createCertificate({
    parent: '/path/to/pool',
    certificate: {
      name: 'my cert',
      lifetime: {
        seconds: 31536000, // 1 year
      },
      pemCsr: `-----BEGIN CERTIFICATE REQUEST-----
      MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
      ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
      AQEBBQADggEPADCCAQoCggEBALkC6uLhfZbLJRWByF4McIxcrCVV+AaCjLhj9qjk
      OdmW4zYcIaRgjSnz6tqEd7IF7ne6VS/Q6gzYp9MDjIiX8aauteOBD55YprE9tnI9
      6K6TQv4qwyP+t8ktN34qmrLhxXSdH5zPaUGRR6wPvMkttgF5yxgLnUshyQuMbleK
      P7ycwiJ/z9gvyPbqvThPo0dbt8fVcpzzR6ChfPKYoiRsdTqCHVfN3B8ZG3vh99rl
      Q5fTBbLEXD/OKoMjvXw/ZLC3FpwmLMdkFj5LbVEsQHuc8/YNH4wm/VsTNQ7ytQMo
      lc2rskmS941Tc8f5eaYA1IF3cmukQyUm5+eI7ziucb2UDPcCAwEAAaAAMA0GCSqG
      SIb3DQEBCwUAA4IBAQBpkSmxo8dCEuBbYIuzpV7aAHyF+xX9pxPNrzLBvK5fgUpy
      tu2ym8iSiIcxAqfrCJ9AETtZ+GkYEfxH+zngCDXKkPpi8ggDOllYO7pSKQTJJQXz
      s/lueYGNFe5UCJdUCv9OBei+pH64ypp2f64ldRdZzJcmZuH0Fuc1MxCGvhOSIlKG
      PDaMKOwL4VVvbBeRyoaag8MgZZgBaVKIQsN6vNVmluKUoFkf0L5vtuaICpxU3tPK
      v4kJaOQR3eGWiNmn7X+jaDptlEaER9WDxDscjEabqKJdqZtKWkXo7FASWoLTOmun
      KsSyBpVO3AAmurlrzZA/lFb229dkV59zeLmruz4g
      -----END CERTIFICATE REQUEST-----`,
    },
  });

Solution

  • Was a formatting issue, fixed by concatenating lines

            '-----BEGIN CERTIFICATE REQUEST-----\n' +
            'MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx\n' +
            'ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN\n' +
            'AQEBBQADggEPADCCAQoCggEBALkC6uLhfZbLJRWByF4McIxcrCVV+AaCjLhj9qjk\n' +
            'OdmW4zYcIaRgjSnz6tqEd7IF7ne6VS/Q6gzYp9MDjIiX8aauteOBD55YprE9tnI9\n' +
            '6K6TQv4qwyP+t8ktN34qmrLhxXSdH5zPaUGRR6wPvMkttgF5yxgLnUshyQuMbleK\n' +
            'P7ycwiJ/z9gvyPbqvThPo0dbt8fVcpzzR6ChfPKYoiRsdTqCHVfN3B8ZG3vh99rl\n' +
            'Q5fTBbLEXD/OKoMjvXw/ZLC3FpwmLMdkFj5LbVEsQHuc8/YNH4wm/VsTNQ7ytQMo\n' +
            'lc2rskmS941Tc8f5eaYA1IF3cmukQyUm5+eI7ziucb2UDPcCAwEAAaAAMA0GCSqG\n' +
            'SIb3DQEBCwUAA4IBAQBpkSmxo8dCEuBbYIuzpV7aAHyF+xX9pxPNrzLBvK5fgUpy\n' +
            'tu2ym8iSiIcxAqfrCJ9AETtZ+GkYEfxH+zngCDXKkPpi8ggDOllYO7pSKQTJJQXz\n' +
            's/lueYGNFe5UCJdUCv9OBei+pH64ypp2f64ldRdZzJcmZuH0Fuc1MxCGvhOSIlKG\n' +
            'PDaMKOwL4VVvbBeRyoaag8MgZZgBaVKIQsN6vNVmluKUoFkf0L5vtuaICpxU3tPK\n' +
            'v4kJaOQR3eGWiNmn7X+jaDptlEaER9WDxDscjEabqKJdqZtKWkXo7FASWoLTOmun\n' +
            'KsSyBpVO3AAmurlrzZA/lFb229dkV59zeLmruz4g\n' +
            '-----END CERTIFICATE REQUEST-----',