You might wish to reduce the length of your Common Name fields. The fields are described in X.509 and in RFC 5280, as well as their maximum lengths.
My suggestion would be to delete all of the keys and certificates you made, and start from ground zero with shorter names in your original request. You could also try looking at CA.pl, which automates many of the issues surrounding a CA.

-Kyle H

On Thu, Sep 4, 2008 at 7:39 AM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> Hi all,
> I want to generate a private key and certificate using openssl commands.
> Earlier I was generating both these files using
> openssl req -config /usr/local/ssl/openssl.cnf -new -x509 -keyout private/cakey.pem -out cacert.pem -days 365
> That time I was getting the error "asn1 encoding routines:ASN1_get_object:header too long:asn_lib.c"
> Then I started creating the private key using the command
> openssl genrsa > cakey.pem
> and I was using the certificate file from the above command.
>
> Now I get the errors
> 14478:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:399:
> 14478:error:2107207F:PKCS7 routines:PKCS7_decrypt:private key does not match certificate:pk7_smime.c:465:
>
> Both these errors indicate a mismatch between the private key and the certificate file.
> Please suggest any method to generate both these files such that I get an error-free response.
>
> Thanks in advance to all of you
> Please help me
> Regards,
> Abhishek
>
> ________________________________________
> Public email at Nabble.com
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
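
The "key values mismatch" errors quoted in the thread are what OpenSSL reports when a certificate's public key does not belong to the private key file supplied with it. As an added example (not part of the original thread), the script below creates both files in a single `openssl req` run and then compares the public key extracted from each; the file names, the subject `/CN=Example Test CA` and the function names are assumptions, and `-subj` is used in place of the poster's `-config` file.

```shell
#!/bin/sh
# Added example; file names and the subject name are constructed.

# Create a private key and a self-signed certificate in ONE openssl call,
# so the certificate is guaranteed to carry that key's public half.
# $1 = key file to write, $2 = certificate file to write
make_pair() {
    openssl req -new -x509 -newkey rsa:2048 -nodes \
        -subj "/CN=Example Test CA" -days 365 \
        -keyout "$1" -out "$2" 2>/dev/null
}

# Return 0 if the certificate in $2 was issued for the private key in $1,
# 1 if the public keys differ, 2 if either file cannot be parsed.
pair_matches() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] || return 2
    [ "$key_pub" = "$cert_pub" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    make_pair "$dir/cakey.pem" "$dir/cacert.pem" || return 1
    if pair_matches "$dir/cakey.pem" "$dir/cacert.pem"; then
        echo "cakey.pem matches cacert.pem"
    fi
    # Reproduce the situation in the thread: a fresh key made separately
    # with genrsa, checked against the certificate from the earlier run.
    openssl genrsa -out "$dir/newkey.pem" 2048 2>/dev/null
    if ! pair_matches "$dir/newkey.pem" "$dir/cacert.pem"; then
        echo "newkey.pem does NOT match cacert.pem"
    fi
    rm -rf "$dir"
}

demo
```

Running `pair_matches` before deploying a key and certificate catches the mismatch at build time rather than as a runtime `X509_check_private_key` failure.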