Hi, You can set these parameters in the ca.conf file located in the /opt/openca/etc/openca/servers folder. and also in some files inside /opt/openca/etc/openca/openssl and /opt/openca/etc/openca/openssl/openssl where you can change the required number or characters in a field.
Regards, Anil Aliyan ----- Original Message ----- From: "John A. Sullivan III" <jsulli...@opensourcedevel.com> To: "Users' Help and Suggestions" <openca-users@lists.sourceforge.net> Sent: Thursday, January 29, 2009 11:04 AM Subject: Re: [Openca-Users] ISO country code length - Conflictingerror messages > On Wed, 2009-01-28 at 20:58 -0800, xv wrote: >> I will get this out of the way - I'm using openca-base-1.0.2 and >> openca-tools-1.1.0 running on Debian (compiled myself - painstakingly) , >> with MySQL 5.0.51. >> >> Im am trying to create the Initial CA Administrtor. I enter in the >> information as requested and for the users Contact Information I give the >> Country as "US" (two characters). I click continue and get an error >> message >> stating: >> >> ⋅ Country - Error (min. 3) >> >> 3 characters minimum. Ok, so I use USA and I'm able to move through the >> next >> couple screens. I finally get to the Certificate Request Summary page and >> click "Generate Request". I now get this error: >> >> Error Code: 7211021 >> Cannot create request! >> >> (OpenCA::REQ->new: Cannot create new request. Backend fails with >> errorcode >> 7712071. OpenCA::OpenSSL->genReq: Cannot execute command (7777067). >> problems >> making Certificate Request >> 12866:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string >> too >> long:a_mbstr.c:154:maxsize=2 error in req) >> >> According to this openca FAQ it is related to the Country Code being to >> long >> (see the very last question at the bottom of the page - 2.16): >> >> http://www.openca.org/~madwolf/apes02.html >> >> I have entered in various country names of different length (US, USA, >> FRANCE, ITALY) and I am always caught in the same catch 22 %-| - does >> anyone have an idea of how to resolve this? >> >> Thank you in advance!!! >> >> > Hmm . . . I'm not sure where this is set when initializing. In one case > I was migrating an old PKI and so had the keys and certs already and in > the other we used domain components instead of countries so I haven't > encountered this. > > I think the setup has changed in 1.0.2 and the initial information is > controlled by etc/openca/auth_browser_req.xml. Look for the > ADDITIONAL_ATTRIBUTE_COUNTRY input and the <minlen> tag. I bet it is > set to 3 instead of 2. Change it in the template > (auth_browser_req.xml.template) and rerun configure_etc.sh. That may do > it for you. > > This smells like a simple bug to fix. Would the developers kindly take > note. Then again, they know a thousand times more about this than I do! > Hope this helps - John > -- > John A. Sullivan III > Open Source Development Corporation > > Street Preacher: Are you SAVED?????!!!!!! > Educated Skeptic: Saved from WHAT?????!!!!!! > Educated Believer: From our selfishness that hurts the ones we love > and condemns us to an eternity of hurting each other. > http://www.spiritualoutreach.com > Christianity that makes sense > > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by: > SourcForge Community > SourceForge wants to tell your story. > http://p.sf.net/sfu/sf-spreadtheword > _______________________________________________ > Openca-Users mailing list > Openca-Users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openca-users > ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
