Due to the new requirements for the CSR request format for EV certificates, you may encounter the following errors when ordering or renewing EV certificates:
Atribute Business Category is missing
Atribute Serial Number is missing
Atribute JoISoCN is missing
These errors occur due to the need to include additional data in the EV certificate, namely:
- Business Category
- Serial Number (Business Registration Number) – the registration number of the organization
- Jurisdiction State
- Jurisdiction Locality
That is, when generating a CSR via OpenSSL, the following data must be included in the signature
In some cases, you may also need to fill in additional fields, such as:
- JoILN /JurisdictionOfIncorporation Locality – city of incorporation
- JoISoPN /JurisdictionOfIncorporation StateOrProvince – region/state of incorporation
- JoISoCN /JurisdictionOfIncorporation Country* – country of incorporation
Here are instructions on how to generate a CSR request
https://files.certum.eu/documents/manual_en/Instruction_CSR_generation.pdf
To add additional fields, you need to create a special configuration for OpenSSL and load it into OpenSSL with the command:
set OPENSSL_CONF=path to the file (custom config)
For example:
set OPENSSL_CONF=C:\Program Files\OpenSSL\openssl.cnf (custom config name)
Example of openssl.cnf configuration
After entering this information, you need to stay in the same window with the same loaded configuration and enter the following command:
openssl.exe req -newkey rsa:2048 -keyout PRIVATEKEY.key -out MYCSR.csr
You will be asked to enter your password and repeat it for verification (min. 4 characters)
Then you need to fill in the following fields, as shown in the screenshot.
