I have a root CA on a HSM2 with m-of-n authentication. I could successfully sign an intermediate CA requested by Vault, but could not sign an other intermediate CA requested by ADCS.
Steps to reproduce
I did the following:
- authenticate onto the CA token with the quorum
- in the navbar, click on “Home”, then "Request Certificate (PKCS#10)
- in the dropdown, choose the CA and click “Start Request”
- browse for the desired csr and click “Upload”
Expected results
Intermediate CA parameters are shown for approval
Actual results
An error message is displayed: “End of buffer”
Docker logs:
789404517 [qtp1526298704-19] INFO pki-as-a-service.ui.CAGUI - GET /paas
789405873 [qtp1526298704-12] INFO pki-as-a-service.ui.CAGUI - GET /paas/sr/new?process=PKCS10ServiceRequest
789435518 [qtp1526298704-16] INFO pki-as-a-service.ui.CAGUI - POST /paas/sr/new?process=PKCS10ServiceRequest
789435552 [qtp1526298704-19] INFO pki-as-a-service.ui.CAGUI - GET /paas/sr/9
789441235 [qtp1526298704-12] INFO pki-as-a-service.ui.CAGUI - POST /paas/sr/9
789441242 [qtp1526298704-12] INFO pki-as-a-service.ui.ServiceRequestController - postProcessAction action.pkcs10.upload
789441246 [qtp1526298704-12] ERROR pki-as-a-service.processes.PKCS10RequestModel - End of buffer
Is there something I can do to sign .csr emitted by ADCS?