Follow

Error Message while sending CSR to Entrust through Venafi Trust Protection Platform

Affected versions:

Entrust.NET Driver

Symptom:

Post CSR failed with error: Web Service Error - (ID:######) Unable to validate the certificate signing request (CSR). Please contact Entrust Certificate Services for support. (Error ID: GEN010)

Cause:

This error is typically been seen by customers when a CN (Common Name) and/or SAN (Subject Alternate Name) Domain is not recognized by Entrust. This is typically from a typo in the domain name in the SAN or if Entrust do not have that domain currently configured in the system. 

This generic error message is being relayed from Entrust directly and is not a Venafi error message. It is possible that another required field in the CSR is incorrect, Venafi attempts to give better error messages on other fields that are more specific, or will pass on the error from Entrust if it is specific.  

Fix:

Make sure that the domain is set up properly in the Entrust portal and that the CN and all SANs domain names are correctly spelled before submitting the CSR for signing. 

This can also be accomplished by using Domain white-listing in the policy for these certificates. To find out more about domain white-listing please look here: 

https://docs.venafi.com/Docs/18.4/TopNav/Content/Policies/r-policy-object-cert-settings.php?Highlight=domain%20white%20listing

Also check that all other fields have been correctly configured. 

Was this article helpful?
1 out of 1 found this helpful

Comments