On Wed, 2009-01-28 at 20:58 -0800, xv wrote:
> I will get this out of the way - I'm using openca-base-1.0.2 and
> openca-tools-1.1.0 running on Debian (compiled myself - painstakingly) ,
> with MySQL 5.0.51.
>
> Im am trying to create the Initial CA Administrtor. I enter in the
> information as requested and for the users Contact Information I give the
> Country as "US" (two characters). I click continue and get an error message
> stating:
>
> ⋅ Country - Error (min. 3)
>
> 3 characters minimum. Ok, so I use USA and I'm able to move through the next
> couple screens. I finally get to the Certificate Request Summary page and
> click "Generate Request". I now get this error:
>
> Error Code: 7211021
> Cannot create request!
>
> (OpenCA::REQ->new: Cannot create new request. Backend fails with errorcode
> 7712071. OpenCA::OpenSSL->genReq: Cannot execute command (7777067). problems
> making Certificate Request
> 12866:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too
> long:a_mbstr.c:154:maxsize=2 error in req)
>
> According to this openca FAQ it is related to the Country Code being to long
> (see the very last question at the bottom of the page - 2.16):
>
> http://www.openca.org/~madwolf/apes02.html
>
> I have entered in various country names of different length (US, USA,
> FRANCE, ITALY) and I am always caught in the same catch 22 %-| - does
> anyone have an idea of how to resolve this?
>
> Thank you in advance!!!
>
>
Hmm . . . I'm not sure where this is set when initializing. In one case
I was migrating an old PKI and so had the keys and certs already and in
the other we used domain components instead of countries so I haven't
encountered this.
I think the setup has changed in 1.0.2 and the initial information is
controlled by etc/openca/auth_browser_req.xml. Look for the
ADDITIONAL_ATTRIBUTE_COUNTRY input and the <minlen> tag. I bet it is
set to 3 instead of 2. Change it in the template
(auth_browser_req.xml.template) and rerun configure_etc.sh. That may do
it for you.
This smells like a simple bug to fix. Would the developers kindly take
note. Then again, they know a thousand times more about this than I do!
Hope this helps - John
--
John A. Sullivan III
Open Source Development Corporation
Street Preacher: Are you SAVED?????!!!!!!
Educated Skeptic: Saved from WHAT?????!!!!!!
Educated Believer: From our selfishness that hurts the ones we love
and condemns us to an eternity of hurting each other.
http://www.spiritualoutreach.com
Christianity that makes sense
------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
