On 15:33 Mon 24 Jul , Dmitrij Mironov wrote:
> Thank you Nicolas for very clear and detailed answer, I'm very appreciated.
>
> Unfortunately it didn't saves me ;o( Is it realy not possible to put more
> than 64 characters in O= field?
It seems not to be a limitation of OpenCA. You can test it with :
$ echo -n '/C=US/O=' > subject.txt
$ echo -n 0123456789 >> subject.txt
$ echo -n 0123456789 >> subject.txt
$ echo -n 0123456789 >> subject.txt
$ echo -n 0123456789 >> subject.txt
$ echo -n 0123456789 >> subject.txt
$ echo -n 0123456789 >> subject.txt
$ echo -n 0123456789 >> subject.txt
$ echo '/OU=MyOU/CN=test' >> subject.txt
$ openssl req -x509 -newkey rsa:512 -noout -nodes -subj "$(cat subject.txt)"
You should obtain something like this :
Generating a 512 bit RSA private key
...++++++++++++
..++++++++++++
writing new private key to 'privkey.pem'
-----
problems making Certificate Request
19296:error:0D07A097:asn1 encoding routines:ASN1_mbstring_copy:
string too long:a_mbstr.c:154:maxsize=64
So, the questions are : Is it a limitation of the ASN1 format ? of the
X509 certificates ? of OpenSSL ?
Maybe does somebody else know more about that ? Maybe on the OpenSSL
mailing list ?
If you get the answer, don't forget to post it here !
Nicolas.
PS : If it's a limitation of the X509 certificates, just asks your
client to shorten its name, your concurrents would have done the same !
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
