Vault API returns asn1: structure error: integer too large

Hello,
I’m trying to send my “openssl” generated csr to get signed by my vault PKI server.

Using this guide as a reference, I’ve created a “.csr” file in PEM format, turned it into a JSON file with the “csr” key holding the PEM string as its value,
and sent it using the command:

curl --header "X-Vault-Token: <...>" --request POST --data "@onap-csm.json" $VAULT_ADDR/v1/onap-csm-pki1/sign/onap-csm-rule

The response I get:

{"errors":["certificate request could not be parsed: asn1: structure error: integer too large"]}

Please, help me understand:
Where is this error coming from? Is it from the client or the server?
What can I do to overcome this issue?

json and csr content attached:

-----BEGIN CERTIFICATE-----
MIICDjCCAXcCFDdggihIV76qqGi2wdwK83mGfIR2MA0GCSqGSIb3DQEBCwUAMEYx
CzAJBgNVBAYTAklMMQ4wDAYDVQQKDAVMaXZlVTEYMBYGA1UEAwwPZm9vLmV4YW1w
bGUub3JnMQ0wCwYDVQQLDARCb3NzMB4XDTIyMTEyNzA2NDU1OVoXDTIyMTIyNzA2
NDU1OVowRjELMAkGA1UEBhMCSUwxDjAMBgNVBAoMBUxpdmVVMRgwFgYDVQQDDA9m
b28uZXhhbXBsZS5vcmcxDTALBgNVBAsMBEJvc3MwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBALfesVxDeBpPJMRqUowKw4O8vOdwXjfgkz8afzL+XEVhWmQNf20B
USqlsoe4re4Zk3Dk/CCt9Ag/PuDct2ZS3f8+FzzaPrJKhC8vE12QhKRE9A+jvMPq
Xv2VwXtMdJp8xUDqNQyqBl5YRLqmad+62arVby+DdRGqILx7WaRrwi5XAgMBAAEw
DQYJKoZIhvcNAQELBQADgYEArvN6oHSkkhoTBmZJUCLFWuN88fEA7kfAH7xr9JLQ
oDL2ZPB+69Si7c2EM3dA/+zPTSiNXE4bcpAk0jHOsvIXsEELN/3kuu4cGBZZiLn+
+7pUB4QFU0A4G5aOBqCsQ0qwspT11c2Z1rU31/1r1yPfQrHNPcu+erb64lsPu/7Y
PGQ=
-----END CERTIFICATE-----
{
"csr" : "-----BEGIN CERTIFICATE-----\nMIICDjCCAXcCFDdggihIV76qqGi2wdwK83mGfIR2MA0GCSqGSIb3DQEBCwUAMEYxCzAJBgNVBAYTAklMMQ4wDAYDVQQKDAVMaXZlVTEYMBYGA1UEAwwPZm9vLmV4YW1wbGUub3JnMQ0wCwYDVQQLDARCb3NzMB4XDTIyMTEyNzA2NDU1OVoXDTIyMTIyNzA2NDU1OVowRjELMAkGA1UEBhMCSUwxDjAMBgNVBAoMBUxpdmVVMRgwFgYDVQQDDA9mb28uZXhhbXBsZS5vcmcxDTALBgNVBAsMBEJvc3MwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALfesVxDeBpPJMRqUowKw4O8vOdwXjfgkz8afzL+XEVhWmQNf20BUSqlsoe4re4Zk3Dk/CCt9Ag/PuDct2ZS3f8+FzzaPrJKhC8vE12QhKRE9A+jvMPqXv2VwXtMdJp8xUDqNQyqBl5YRLqmad+62arVby+DdRGqILx7WaRrwi5XAgMBAAEwDQYJKoZIhvcNAQELBQADgYEArvN6oHSkkhoTBmZJUCLFWuN88fEA7kfAH7xr9JLQoDL2ZPB+69Si7c2EM3dA/+zPTSiNXE4bcpAk0jHOsvIXsEELN/3kuu4cGBZZiLn++7pUB4QFU0A4G5aOBqCsQ0qwspT11c2Z1rU31/1r1yPfQrHNPcu+erb64lsPu/7YPGQ=\n-----END CERTIFICATE-----"
}

Thanks,
Maor

Screenshots are a really bad way to provide data like this since it’s impractical for readers to decode the data themselves to verify. (No, I’m not going to go look for an OCR tool to reverse-engineer text out of them.)

However in this case the problem is readily apparent … your input is a certificate, not a CSR.

Thank you for the feedback regarding the screenshot - edited.
I’ve created a CSR, the issue is solved!
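
A pre-flight check for the mistake diagnosed in this thread, as an added example that is not part of the original posts or of Vault's code: it rejects PEM data whose label is not a certificate request and names the case where the body is actually an X.509 certificate. The function names and the generated sample CSR and certificate are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// checkCSR is a pre-flight check for PEM data bound for a CSR-signing endpoint.
func checkCSR(data []byte) error {
	block, _ := pem.Decode(data)
	if block == nil {
		return errors.New("no PEM block found")
	}
	if block.Type != "CERTIFICATE REQUEST" && block.Type != "NEW CERTIFICATE REQUEST" {
		if _, err := x509.ParseCertificate(block.Bytes); err == nil {
			return errors.New("input is an X.509 certificate, not a CSR")
		}
		return fmt.Errorf("unexpected PEM type %q", block.Type)
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return fmt.Errorf("CSR does not parse: %w", err)
	}
	return csr.CheckSignature() // proves the requester holds the private key
}

// samplePEMs returns a constructed CSR and self-signed certificate (test data only).
func samplePEMs() (csrPEM, certPEM []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	subj := pkix.Name{CommonName: "foo.example.org"}
	csrDER, _ := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: subj}, key)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: subj, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	certDER, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csrDER}),
		pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
}

func main() {
	csr, cert := samplePEMs()
	fmt.Println(checkCSR(csr), "|", checkCSR(cert))
}
```

Running the same check on the file before building the JSON body catches a certificate passed in place of a CSR on the client side.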