sorry the error is: # openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem Generating a 2048 bit RSA private key ..............+++ .......................................................+++ writing new private key to 'private/cakey.pem' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: Verify failure Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- problems making Certificate Request 1993:error:0B083077:x509 certificate routines:X509_NAME_ENTRY_create_by_txt:invalid field name:/usr/src/lib/libssl/src/crypto/x509/x509name.c:285:name=countryName_min #
________________________________ ~~Kalyan-mastu~~ ----- Original Message ---- From: badeguruji <[EMAIL PROTECTED]> To: Nick Guenther <[EMAIL PROTECTED]>; OpenBSD-Misc <[email protected]> Sent: Sunday, December 9, 2007 7:15:13 PM Subject: Re: error while creating CA Thank you Nick. I setup default values for this section, as i read on net, but it seems it is not working like that. After i changed the value of "contryName" variable as you pointed (instead of depending on default value variable for supplying default value), it is NOT giving that error now. But now, it is giving following error: and i checked the documentation, and the variable seems to be a valid variable. I do not know why it is giving error? I am running the same command... is my config for this section ok? [ req_distinguished_name ] # options needed to generate a certificate # Variable name Prompt string #------------------------- ---------------------------------- countryName = US #Country Name (2 letter code) countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) localityName = Locality Name (city, district) 0.organizationName = Organization Name (company) organizationalUnitName = Organizational Unit Name (department, division) commonName = Common Name (FQDN, hostname, IP, or your name) commonName_max = 64 emailAddress = Email Address emailAddress_max = 64 #original cnf file from install had 64/sample had 40 # default values for above countryName_default = US stateOrProvinceName_default = Georgia localityName_default = ATL, GA 0.organizationName_default = Fist of Iron organizationalUnitName_default = TestWebMail ________________________________ ~~Kalyan-mastu~~ ----- Original Message ---- From: Nick Guenther <[EMAIL PROTECTED]> To: OpenBSD-Misc <[email protected]> Sent: Sunday, December 9, 2007 4:53:06 PM Subject: Re: error while creating CA On 12/9/07, badeguruji <[EMAIL PROTECTED]> wrote: > Hello, > > although i have setup the default country_code to 2 characters only ("US"). I was not able to find out why, am i getting below error, while trying to setup my own CA: > > # openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem > > Generating a 2048 bit RSA private key > ..+++ > .........................................................................................+++ > writing new private key to 'private/cakey.pem' > Enter PEM pass phrase: > Verifying - Enter PEM pass phrase: > ----- > problems making Certificate Request > 13175:error:0D07A097:asn1 encoding routines:ASN1_mbstring_copy:string too long:/usr/src/lib/libssl/src/crypto/asn1/a_mbstr.c:154:maxsize=2 > # > > > here is my config file: .... > [ req_distinguished_name ] # options needed to > generate a certificate > # Variable name Prompt string > #------------------------- > ---------------------------------- > countryName = Country Name (2 letter code) > countryName_min = 2 > countryName_max = 2 ^ your country name is not set to 'US' like you think it is? -Nick
