CSR signed with keys from previously issued certificate (from LE) fails



I have a private key which is EC PKCS#8, and a public key that is Sun EC public key, 256 bits
public x coord: 43916544483927623224033349768666276607155482769419633727704826217266457048946
public y coord: 100084628262876549801319180183418926400351229554730949300583183120761851810920
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)

With that, I can successfully obtain a signed certificate from the staging LE server:

Version: V3
Subject: CN=Fake LE Intermediate X1
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 2048 bits
modulus: 29962205107185618110112009748421620647651467267892597353431728166808893601614695762206043637527583101575338467087859107329150140266386010062028748646524291478333538906871283392611308583748689689544862282471737512483950038169909134829268869127909037912834483751287267584305051021242101006518637635039063614015595972496456506916032699386756681124719224910371640876617269786409624230842649309247758143063105374047914406254969418578350061363596609103289493971686182044522032761653515379943430400990217582844177845122088165471119919905015992544313842644993319714736977811366726970108049775073322302388824855528275035919293
public exponent: 65537
Validity: [From: Tue May 24 00:07:59 CEST 2016,
To: Sat May 24 00:07:59 CEST 2036]
Issuer: CN=Fake LE Root X1
SerialNumber: [ 8be12a0e 5944ed3c 546431f0 97614fe5]

First of all, and maybe this is due to the fact that this is the staging server, I do not understand why the public key in the certificate is suddenly a RSA 2048 bit key.

Secondly, when I use the private and public key from that newly signed certificate for renewal, and thus create a CSR with, I get a “‘Error creating new cert :: invalid signature on CSR’” back?

Any help is greatly appreciated

Does Boulder verify CSR signatures?

Could you post the actual CSR you’re submitting, and the certificate you receive?

If that’s the subject, you’re not looking at your certificate, but rather the intermediate certificate that signs certificates on the staging server (which uses a RSA-2048 key). The subject of your certificate would be something like CN=your.domain.example.com.


Well, the strange thing is that the certificate chain that I get after the first run only contains a single certificate. Note, in my client I am using the acme4j lib.


Looking at acme4j, it appears to be a low-level ACME library, which leaves the actual certificate storage up to you. It has separate API calls for retrieving the intermediate and end-entity certificate. Any chance you’re missing the latter, i.e. only call certificate.downloadChain();? See this block for an implementation that retrieves and stores both.

Happy to take a look at your implementation if it’s not that.


Yep, I am downloading the chain using that method. I based myself on the example implementation that is provided in their repository


When you say “that method”, are you referring to certificate.downloadChain();, or the entire example, which includes both certificate.download(); and certificate.downloadChain();? The latter will only give you the intermediate.

If you’re calling CertificateUtils.writeX509CertificateChain(fw, cert, chain);, and cert is null for some reason (maybe an exception that’s caught and ignored?), you’d end up with a file like the one you got, containing only the intermediate certificate. My best guess is that you’re missing a step (or have a bug) in your calling code, but I couldn’t say for sure without seeing the relevant code.


I only have the .download() as I maybe wrongly presumed that .downloadchain() gives me the complete chain including the signed certificate. Afterwards I store Certificate[0] in a java KeyStore


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.