Currently, CFSSL fails on certain input CSRs. Specifically, requests with the "challengePassword" field cause CFSSL to return:
{"code":1003,"message":"asn1: structure error: sequence tag mismatch"}

Test data can be created with:
openssl req -nodes -newkey rsa:2048
with strings set for either of the two following fields:

• A challenge password []:
• An optional company name []: