生成自签名证书字符串太长时的OpenSSL Config错误 [英] OpenSSL Config error when generating self-signed certificate string too long
本文介绍了生成自签名证书字符串太长时的OpenSSL Config错误的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
使用以下OpenSSL Config
With the following OpenSSL Config
[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = drone-ci-web.company.com.key.pem
distinguished_name = subject
req_extensions = req_ext
x509_extensions = x509_ext
string_mask = utf8only
prompt = no
encrypt_key = no
[ subject ]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Missouri
localityName = Locality Name (eg, city)
localityName_default = Jefferson City
organizationName = Organization Name (eg, company)
organizationName_default = My Company
organizationalUnitName = Organizational Unit (eg, team)
organizationalUnitName_default = My Company Technologies
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = drone-ci-web.company.com
emailAddress = Email Address
emailAddress_default = DL_EMAIL_LIST@company.com
[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "Drone-CI - OpenSSL Generated Certificate"
[ req_ext ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "Drone-CI - OpenSSL Generated Certificate"
[ alternate_names ]
DNS.1 = drone-ci-web.company.com
我运行以下命令:
sudo openssl req -x509 -config drone-ssl.cnf -new -out drone-ci-web.company.com.cert.pem
,我收到以下错误消息:
and I get the following error:
vagrant@jonspc ~]$ sudo openssl req -x509 -config drone-ssl.cnf -new -out drone-ci-web.ccompany.com.cert.pem
Generating a 2048 bit RSA private key
..............................................................................................................+++
....................+++
writing new private key to 'drone-ci-web.company.com.key.pem'
-----
problems making Certificate Request
140184216713104:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:a_mbstr.c:158:maxsize=2
从我认为它告诉我的内容来看,它尝试使用的字段之一是太长",并且只有两个字符,但是从我继续阅读的内容来看,countryName_default
应该覆盖countryName
并使其接受默认值.
From what I think its telling me, one of the fields its trying to use is "Too long" and is only two characters, but from what I keep reading, the countryName_default
should override the countryName
and make this accept the value given for default.
OpenSSL和操作系统信息:
OpenSSL and Operating System information:
[vagrant@jonspc ~]$ openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
[vagrant@jonspc ~]$ cat /etc/oracle-release
Oracle Linux Server release 7.5
[vagrant@jonspc ~]$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.5 (Maipo)
但是,如果我删除_default
行并再试一次,则此操作将通过以下配置成功完成.
HOWEVER, if I remove the _default
lines and try again, this succeeds with the following config.
[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = drone-ci-web.company.com.key.pem
distinguished_name = subject
req_extensions = req_ext
x509_extensions = x509_ext
string_mask = utf8only
prompt = no
encrypt_key = no
[ subject ]
countryName = US
stateOrProvinceName = Missouri
localityName = Jefferson City
organizationName = My Company
organizationalUnitName = My Company Technologies
commonName = drone-ci-web.company.com
emailAddress = DL_EMAIL_LIST@company.com
[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "Drone-CI - OpenSSL Generated Certificate"
[ req_ext ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "Drone-CI - OpenSSL Generated Certificate"
[ alternate_names ]
DNS.1 = drone-ci-web.company.com
这适用于以下输出.
[vagrant@jonspc ~]$ sudo openssl req -x509 -config drone-ssl.cnf -new -out drone-ci-web.company.com.cert.pem
Generating a 2048 bit RSA private key
..............+++
..............+++
writing new private key to 'drone-ci-web.company.com.key.pem'
-----
推荐答案
查看全文