Error creating CSR with config.cnf openssl


I am trying to create a CSR using OpenSSL with a predefined configuration. This is for the purpose of government E-Invoice recommendations in Saudi. I have successfully created the public and private keys, but when creating the CSR it shows the error below:

Error checking request extension section req_ext
FC620000:error:04000067:object identifier routines:OBJ_txt2obj:unknown object name:crypto\objects\obj_dat.c:438:
FC620000:error:05800077:x509 certificate routines:X509_NAME_ENTRY_create_by_txt:invalid field name:crypto\x509\x509name.c:252:name=registerAddress
FC620000:error:11000095:X509 V3 routines:a2i_GENERAL_NAME:dirname error:crypto\x509\v3_san.c:564:
FC620000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:crypto\x509\v3_conf.c:48:section=req_ext, name=subjectAltName, value=dirName:alt_names

My config.cnf file data is as below:

oid_section = OIDs
[OIDs]
certificateTemplateName = 1.3.6.1.4.1.311.20.2

[req]
default_bits = 2048
emailAddress = [email protected]
req_extensions = v3_req
x509_extensions = v3_ca
prompt = no
default_md =sha26
req_extensions = req_ext
distinguished_name = dn


[dn]
C = SA
OU = Ryiad Branch
O = Jarir
CN = 127.0.0.1

[v3_req]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment

[req_ext]
certificateTemplateName = ASN1:PRINTABLESTRING:ZATCA-Code-Signing
subjectAltName = dirName:alt_names

[alt_names]
SN=1-AcmeInc|2-EGSUnit|3-123456789
UID=310122393500003
title=1100
registerAddress=MyAddress
businessCategory=Acme Industry

I tried all possible settings related to the config file. I am new to OpenSSL and don't have enough knowledge about this.


5
Abdurrahman Tantawi On

I am currently integrating with ZATCA as well. It's a bit late, but I faced a similar error: "Error Loading request extension section req_ext". I got it solved by putting the line req_extensions = req_ext before the line req_extensions = v3_req. Consider that the extension req_ext is causing the error for you as well.

Edit: Look at my config.cnf file. Note that the fields with __fieldName are fillable. For example, __emailAddress shall be replaced with [email protected], and so on.

oid_section=OIDS
[ OIDS ]
certificateTemplateName= 1.3.6.1.4.1.311.20.2
[req]
default_bits=2048
emailAddress=__emailAddress
req_extensions=v3_req
x509_extensions=v3_Ca
prompt=no
default_md=sha256
req_extensions=req_ext
distinguished_name=dn
[dn]
CN=__commonName
C=__country
OU=__organizationalUnitName
O=__organizationName
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[req_ext]
certificateTemplateName = ASN1:PRINTABLESTRING:PREZATCA-code-Signing
subjectAltName = dirName:alt_names
[alt_names]
SN=__serialNumber
UID=__vatNumber
title=__invoiceType
registeredAddress=__registeredAddress
businessCategory=__businessCategory
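
The error output in the question names `registerAddress` as an invalid field name, while the config in the answer spells that attribute `registeredAddress`. As an added example (not code from the question or the answer), this Python linter checks a config.cnf for that and for two other things visible in the question's file: a key set twice in [req] and a reference to a section that is not defined. `parse_cnf`, `lint`, `SECTION_KEYS` and `KNOWN_DN_FIELDS` are names made up for the example, and the field list is an assumed subset of the names OpenSSL accepts.

```python
import re
# Assumption: constructed subset of DN names OpenSSL knows, not its full table.
KNOWN_DN_FIELDS = {"C", "O", "OU", "CN", "SN", "UID", "title",
                   "registeredAddress", "businessCategory", "emailAddress"}
SECTION_KEYS = ("distinguished_name", "req_extensions", "x509_extensions")
# Sample input: copy of the question's config.cnf, abridged to the lines the checks read.
QUESTION_CNF = """
[req]
req_extensions = v3_req
x509_extensions = v3_ca
req_extensions = req_ext
distinguished_name = dn
[dn]
CN = 127.0.0.1
[v3_req]
[req_ext]
subjectAltName = dirName:alt_names
[alt_names]
title=1100
registerAddress=MyAddress
"""

def parse_cnf(text):  # -> {section: [(key, value), ...]}, duplicates and order kept
    sections, current = {"default": []}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current].append((key, value))
    return sections

def lint(text):
    """Report duplicate [req] keys, dangling section references, unknown DN fields."""
    sections, findings = parse_cnf(text), []
    req = sections.get("req", [])
    keys = [key for key, _ in req]
    findings += [f"[req] sets {k} more than once" for k in sorted(set(keys)) if keys.count(k) > 1]
    findings += [f"{k} points to missing section [{v}]"
                 for k, v in req if k in SECTION_KEYS and v not in sections]
    for items in sections.values():
        for _, value in items:
            ref = re.search(r"dirName:(\w+)", value)
            fields = sections.get(ref.group(1), []) if ref else []
            findings += [f"unknown DN field {name} in [{ref.group(1)}]"
                         for name, _ in fields if name not in KNOWN_DN_FIELDS]
    return findings
```

Calling `lint(QUESTION_CNF)` returns one finding per problem; an empty list means none of the three checks fired, not that `openssl req` will accept the file.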