This forum has been archived. Please start a new discussion on GitHub.

IceSSL setup ca with python tools


i try to create an CA for my IceSSL Plugin usage but everytime i try to use an
different dn for the CA certificate which is filled with more information i get an error:

[root@localhost ca]# python --overwrite
This script will initialize your organization's Certificate Authority (CA).
The CA database will be created in /opt/ca/ca
Warning: running this command will destroy your existing CA setup!
Do you want to continue? (y/n)y
The subject name for your CA will be
CN=Grid CA , O=GridCA-localhost.localdomain
Do you want to keep this as the CA subject name? (y/n) [y]n
Country name:Germany
Common name:TEST CA
Organization name:KIM
State or province name:
Organization unit name:
The subject name for your CA will be
C=Germany , CN=TEST CA , L=Somewhere , O=KIM
Do you want to keep this as the CA subject name? (y/n) [y]
Enter the email address of the CA: root@localhost
Generating configuration files... ca.cnf sign.cnf req.cnf ok
Generating a 2048 bit RSA private key
writing new private key to '/opt/ca/biss/ca/db/ca_key.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
problems making Certificate Request
11452:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:a_mbstr.c:154:maxsize=2
openssl command failed
[root@localhost ca]#

Seems the error depends on the length of the dn.

Hope someone can help me!

Thanks in advance

Thomas Krieger


  • matthew
    matthew NL, Canada
    The country name can only be two characters. You should use the ISO 3166 abbreviation which can be found here.