George, Thank you very much, that was the information I needed, I simply shortened the system name and everything after that worked. The system name was some stupid name my ISP's router was giving my machine, and yes it was over 64 bytes long. Though that in itself wasn't enough. But after looking at the script a bit, it appears that that 64 bytes, plus all the other pieces that go into generating the keys, well exceeded the 255 limit. So I just shortened the name like I said and all is well.
Thank you again. Shawn Hope to beable to return the favor to another. ----- Original Message ----- From: "George A. Theall" <[EMAIL PROTECTED]> To: "Shawn Saunders" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, February 10, 2003 9:54 AM Subject: Re: nessus-mkcert failing On Mon, Feb 10, 2003 at 09:08:44AM -0800, Shawn Saunders wrote: > 1421:error:0D11A0A3:asn1 encoding routines:ASN1_mbstring_copy:string too > long:a_mbstr.c:154:maxsize=64 The hostname on that box is rather long, isn't it? If so, the problem arises because the nessus-mkcert script adds the hostname to the string "Certification Authority for " and uses that for the organizationalUnitName when generating the certificate request. I believe the maximum length of that is 64 characters, by default. One quick work-around then would be to edit your script and globally remove the strings " for $hostname"; there are two places it's actively used - once with the certificate authority and another with the server certificate. You may also be able to fix the problem by setting organizationalUnitName_min and organizationalUnitName_max in the nessus-mkcert script. George -- [EMAIL PROTECTED]
