RE: [courier-users] courier-imap mkimapdcert returns error, OpenBSD

Thu, 16 Jan 2003 02:13:12 -0800 

Hi,

I have no idea about certificates, but isn't it 
obvious to try setting OU= to some value if you are 
getting complains about the "too short string"?

Also you still haven't tell your OpenBSD and courier versions.

Here is what worked for me, you could try it as well:

[ req_dn ]
C=DE
ST=NRW
L=Bochum
O=Courier Mail Server
OU=Automatically-generated IMAP SSL key
CN=192.168.1.1
[EMAIL PROTECTED]

Regards
Alex

> -----Original Message-----
> From: ext John Mendenhall [mailto:[EMAIL PROTECTED]]
> [EMAIL PROTECTED] wrote:
> > I wonder, what input did you provide to mkimapdcert 
> > (i.e. if there maybe some too shorts strings, less 
> > than 1 character, in the imapd file). mkimapdcert 
> > worked fine for me on OpenBSD 3.2 stable.
> > 
> > > From: ext John Mendenhall [mailto:[EMAIL PROTECTED]]
> > > ------- session:
> > > % sudo mkimapdcert
> > > Generating a 1024 bit RSA private key
> > > ...............................................++++++
> > > ..............++++++
> > > writing new private key to '/etc/ssl/private/imapd.pem'
> > > -----
> > > problems making Certificate Request
> > > 30607:error:0D07A098:asn1 encoding 
> > > routines:ASN1_mbstring_copy:string too 
> >                               ^^^^^^^^^^
> > > short:/usr/src/lib/libssl/crypto/../src/crypto/asn1/a_mbstr.c:
> > > 147:minsize=1
> >       ^^^^^^^^^
> 
> I did not provide any input to mkimapdcert.  My imapd.cnf
> file is as follows:
> 
> -----  /etc/courier-imap/imapd.cnf
> 
> RANDFILE = /usr/local/sbin/imapd.rand
> 
> [ req ]
> default_bits = 1024
> encrypt_key = yes
> distinguished_name = req_dn
> x509_extensions = cert_type
> prompt = no
> 
> [ req_dn ]
> C=US
> ST=CA
> L=San Diego
> O=Surf Utopia
> OU=
> CN=mail.surfutopia.net
> [EMAIL PROTECTED]
> 
> [ cert_type ]
> nsCertType = server
> 
> -----  EOF
> 
> Do I need to do something else, like make sure the mkimapdcert
> script knows where to look?  It just calls openssl with the
> correct path.  What else am I doing wrong?
> 
> JohnM


-------------------------------------------------------
This SF.NET email is sponsored by: Thawte.com
Understand how to protect your customers personal information by implementing
SSL on your Apache Web Server. Click here to get our FREE Thawte Apache
Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to