Comments (9)
I've tried to change the `EASYRSA_DN` to `cn_only`, then change the `commonName_max` of `cn_only` to 128 in `openssl-easyrsa.cnf`.
Still, the error exists:
Using SSL:
* openssl OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)
-----
Error making certificate request
4077017C547F0000:error:06800097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:crypto/asn1/a_mbstr.c:106:maxsize=64
from easy-rsa.
Also, try changing `easyrsa:6242`: `commonName_max = 64`
from easy-rsa.
> Also, try changing `easyrsa:6242`: `commonName_max = 64`

Have you tried? I can't make it work.
from easy-rsa.
The max appears to be 64.
from easy-rsa.
Your CloudConnexa of OpenVPN allows a common name to be longer than 64 bytes.
from easy-rsa.
The EasyRSA `commonName` 64 character limit is sufficient for sensible requirements.
from easy-rsa.
Taking ASCII characters `0-9` and `a-z` gives a naming pool of: `36^64 = 4×10⁹⁹`
More than enough.
from easy-rsa.
> Taking ASCII characters `0-9` and `a-z` gives a naming pool of: `36^64 = 4×10⁹⁹`
> More than enough.

If you use OpenVPN web auth, you will find out that every device has a device ID in the form of a UUID, which is 36 bytes long.
To distinguish different devices with different common names, usually an enterprise email address is prefixed as part of the common name, just like what CloudConnexa of OpenVPN does.
For example:
[email protected]/2BB779C3-7765-46AA-9EB2-8E9BFC0500D8
Ta-da, it exceeds 64 bytes~
from easy-rsa.
CloudConnexa obviously have their own solution.
from easy-rsa.
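Added example, not part of the thread and not easy-rsa code: a shell check that asks OpenSSL directly whether it accepts a 64-character and a 65-character `commonName`, reproducing the limit behind the `maxsize=64` error in the first comment without easy-rsa involved. The helper names, the throwaway config and the generated CN values are constructed for illustration; only standard `openssl req` options are used.

```shell
#!/bin/sh
# Added example: probes OpenSSL's commonName length limit directly.
# Helper names, the throwaway config and the CN values are constructed.

# make_cn N -> print a constructed CN of exactly N ASCII characters.
make_cn() {
    awk -v n="$1" 'BEGIN { while (n-- > 0) printf "a" }'
}

# try_cn CN -> exit 0 if `openssl req` can build a request with this CN,
# non-zero otherwise. "/" or "=" inside CN would need escaping for -subj.
try_cn() {
    work=$(mktemp -d) || return 2
    # Throwaway config; commonName_max = 128 mirrors the change tried above.
    printf '%s\n' '[req]' 'distinguished_name = dn' \
        '[dn]' 'commonName = Common Name' 'commonName_max = 128' \
        > "$work/req.cnf"
    openssl req -new -batch -config "$work/req.cnf" \
        -newkey rsa:2048 -nodes -keyout "$work/key.pem" \
        -subj "/CN=$1" -out "$work/req.pem" >/dev/null 2>&1
    status=$?
    rm -rf "$work"
    return "$status"
}

# report N -> print whether an N-character CN is accepted.
report() {
    if try_cn "$(make_cn "$1")"; then
        echo "CN of $1 characters: accepted"
    else
        echo "CN of $1 characters: rejected"
    fi
}

report 64
report 65
```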