On 8 May 2013, at 3:10 AM, Cipriano Groenendal - Byte Internet wrote: > Hey all, > > I'm trying to create a CSR using a very long organizationName, but I keep > getting the message > > 140605698299560:error:0D07A097:asn1 encoding > routines:ASN1_mbstring_ncopy:string too long:a_mbstr.c:154:maxsize=64 > > I've tried using a local config and in the [ req_distinguished_name ] section > setting organizationName_max = 128 and 0.organizationName =128, but neither > seem to do the trick [1]. Does anyone know a way to encode these long strings > into a CSR?
It looks like RFC3280 specifies that organization names not be longer than 64 characters, and openssl is enforcing that limit. You could probably edit the limits in crypto/asn1/a_strnid.c and recompile, if you wanted to make a cert with a longer (but not PKIX conformant) name. I don't know how other software would react to this --- probably it would work just fine, but... ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
