'Can't create google CA certificate via google client library

Getting an error error parsing CSR: ToCertificateRequest: nil DER when decoding PEM

The same CSR works when using the gcp console

3 INVALID_ARGUMENT: error parsing CSR: generic:
:invalid_argument: error parsing CSR: ToCertificateRequest: nil DER when decoding PEM: 
-----BEGIN CERTIFICATE REQUEST-----\n      
MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx\n      
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN\n      
AQEBBQADggEPADCCAQoCggEBALkC6uLhfZbLJRWByF4McIxcrCVV+AaCjLhj9qjk\n      
OdmW4zYcIaRgjSnz6tqEd7IF7ne6VS/Q6gzYp9MDjIiX8aauteOBD55YprE9tnI9\n      
6K6TQv4qwyP+t8ktN34qmrLhxXSdH5zPaUGRR6wPvMkttgF5yxgLnUshyQuMbleK\n      
P7ycwiJ/z9gvyPbqvThPo0dbt8fVcpzzR6ChfPKYoiRsdTqCHVfN3B8ZG3vh99rl\n      
Q5fTBbLEXD/OKoMjvXw/ZLC3FpwmLMdkFj5LbVEsQHuc8/YNH4wm/VsTNQ7ytQMo\n      
lc2rskmS941Tc8f5eaYA1IF3cmukQyUm5+eI7ziucb2UDPcCAwEAAaAAMA0GCSqG\n      
SIb3DQEBCwUAA4IBAQBpkSmxo8dCEuBbYIuzpV7aAHyF+xX9pxPNrzLBvK5fgUpy\n      
tu2ym8iSiIcxAqfrCJ9AETtZ+GkYEfxH+zngCDXKkPpi8ggDOllYO7pSKQTJJQXz\n      
s/lueYGNFe5UCJdUCv9OBei+pH64ypp2f64ldRdZzJcmZuH0Fuc1MxCGvhOSIlKG\n      
PDaMKOwL4VVvbBeRyoaag8MgZZgBaVKIQsN6vNVmluKUoFkf0L5vtuaICpxU3tPK\n      
v4kJaOQR3eGWiNmn7X+jaDptlEaER9WDxDscjEabqKJdqZtKWkXo7FASWoLTOmun\n      
KsSyBpVO3AAmurlrzZA/lFb229dkV59zeLmruz4g\n      
-----END CERTIFICATE REQUEST-----

Environment details

  • OS:
  • Node.js version: 14.19.0
  • @google-cloud/security-private-ca version: 3.1.0

Steps to reproduce

  1. Generate a csr using openssl openssl req -newkey rsa:2048 -keyout PRIVATEKEY.key -out MYCSR.csr
  2. cat MYCSR.csr
  3. Send that csr in a createCertificate request:
  return await client.createCertificate({
    parent: '/path/to/pool',
    certificate: {
      name: 'my cert',
      lifetime: {
        seconds: 31536000, // 1 year
      },
      pemCsr: `-----BEGIN CERTIFICATE REQUEST-----
      MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
      ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
      AQEBBQADggEPADCCAQoCggEBALkC6uLhfZbLJRWByF4McIxcrCVV+AaCjLhj9qjk
      OdmW4zYcIaRgjSnz6tqEd7IF7ne6VS/Q6gzYp9MDjIiX8aauteOBD55YprE9tnI9
      6K6TQv4qwyP+t8ktN34qmrLhxXSdH5zPaUGRR6wPvMkttgF5yxgLnUshyQuMbleK
      P7ycwiJ/z9gvyPbqvThPo0dbt8fVcpzzR6ChfPKYoiRsdTqCHVfN3B8ZG3vh99rl
      Q5fTBbLEXD/OKoMjvXw/ZLC3FpwmLMdkFj5LbVEsQHuc8/YNH4wm/VsTNQ7ytQMo
      lc2rskmS941Tc8f5eaYA1IF3cmukQyUm5+eI7ziucb2UDPcCAwEAAaAAMA0GCSqG
      SIb3DQEBCwUAA4IBAQBpkSmxo8dCEuBbYIuzpV7aAHyF+xX9pxPNrzLBvK5fgUpy
      tu2ym8iSiIcxAqfrCJ9AETtZ+GkYEfxH+zngCDXKkPpi8ggDOllYO7pSKQTJJQXz
      s/lueYGNFe5UCJdUCv9OBei+pH64ypp2f64ldRdZzJcmZuH0Fuc1MxCGvhOSIlKG
      PDaMKOwL4VVvbBeRyoaag8MgZZgBaVKIQsN6vNVmluKUoFkf0L5vtuaICpxU3tPK
      v4kJaOQR3eGWiNmn7X+jaDptlEaER9WDxDscjEabqKJdqZtKWkXo7FASWoLTOmun
      KsSyBpVO3AAmurlrzZA/lFb229dkV59zeLmruz4g
      -----END CERTIFICATE REQUEST-----`,
    },
  });


Solution 1:[1]

Was a formatting issue, fixed by concatenating lines

        '-----BEGIN CERTIFICATE REQUEST-----\n' +
        'MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx\n' +
        'ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN\n' +
        'AQEBBQADggEPADCCAQoCggEBALkC6uLhfZbLJRWByF4McIxcrCVV+AaCjLhj9qjk\n' +
        'OdmW4zYcIaRgjSnz6tqEd7IF7ne6VS/Q6gzYp9MDjIiX8aauteOBD55YprE9tnI9\n' +
        '6K6TQv4qwyP+t8ktN34qmrLhxXSdH5zPaUGRR6wPvMkttgF5yxgLnUshyQuMbleK\n' +
        'P7ycwiJ/z9gvyPbqvThPo0dbt8fVcpzzR6ChfPKYoiRsdTqCHVfN3B8ZG3vh99rl\n' +
        'Q5fTBbLEXD/OKoMjvXw/ZLC3FpwmLMdkFj5LbVEsQHuc8/YNH4wm/VsTNQ7ytQMo\n' +
        'lc2rskmS941Tc8f5eaYA1IF3cmukQyUm5+eI7ziucb2UDPcCAwEAAaAAMA0GCSqG\n' +
        'SIb3DQEBCwUAA4IBAQBpkSmxo8dCEuBbYIuzpV7aAHyF+xX9pxPNrzLBvK5fgUpy\n' +
        'tu2ym8iSiIcxAqfrCJ9AETtZ+GkYEfxH+zngCDXKkPpi8ggDOllYO7pSKQTJJQXz\n' +
        's/lueYGNFe5UCJdUCv9OBei+pH64ypp2f64ldRdZzJcmZuH0Fuc1MxCGvhOSIlKG\n' +
        'PDaMKOwL4VVvbBeRyoaag8MgZZgBaVKIQsN6vNVmluKUoFkf0L5vtuaICpxU3tPK\n' +
        'v4kJaOQR3eGWiNmn7X+jaDptlEaER9WDxDscjEabqKJdqZtKWkXo7FASWoLTOmun\n' +
        'KsSyBpVO3AAmurlrzZA/lFb229dkV59zeLmruz4g\n' +
        '-----END CERTIFICATE REQUEST-----',

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 millarnui