string too long / problems making Certificate Request

Andreas Schuldei Fri, 15 Dec 2000 18:25:47 -0800
I am not on this list, please cc: me.


I try to generate several certivicates automatically. I avoid typing in the
info for the Certificate Request by a trick i found in the archives.

This is a part of my shell script:

###################################################

(cat << EOF
[ req ]
default_bits                = 2048
distinguished_name          = req_DN

[ req_DN ]
countryName                 = "Country Name"
countryName_value           = $ENV::CERT_COUNTRY
localityName                = "Locality Name"
localityName_value          = $ENV::CERT_LOCALITY
organizationName            = "Organisation"
organizationName_value      = $ENV::CERT_ORG
commonName                  = "Common Name"
commonName_value            = $ENV::CERT_CN

[ x509v3 ]
subjectAltName              = "me@work"
subjectAltName_value        = $ENV::CERT_EMAIL
EOF
)> local_openssl.conf

# key and cert for the CA

export CERT_COUNTRY="se"
export CERT_LOCALITY="a" #"${NAME[0]}"
export CERT_ORG="b" #Frontyard
export CERT_CN="q" #"${IP[0]}"
export CERT_EMAIL="c" #"[EMAIL PROTECTED]"


    openssl genrsa -out /etc/ssl/private/ca.key 128
    openssl req -new -key /etc/ssl/private/ca.key \
        -out /etc/ssl/private/ca.csr -config local_openssl.conf
    openssl x509 -req -days 31 -in /etc/ssl/private/ca.csr \
        -signkey /etc/ssl/private/ca.key -out /etc/ssl/ca.crt

###########################################################

This generats this output on my xterm:

./mkconf.sh 
warning, not much extra random data, consider using the -rand option
Generating RSA private key, 128 bit long modulus
..+++++++++++++++++++++++++++
...+++++++++++++++++++++++++++
e is 65537 (0x10001)
Using configuration from local_openssl.conf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name []:::CERT_COUNTRY
problems making Certificate Request
3947:error:0D11A0A3:asn1 encoding routines:ASN1_mbstring_copy:string too 
long:a_mbstr.c:154:maxsize=2
/etc/ssl/private/ca.csr: No such file or directory
mkdir: cannot create directory `schuldei': File exists


and nothing but my local key was generated. 


What is the problem? 

I am not on this list, please cc: me.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
string too long / problems making Certificate Request

Reply via email to
