Any magic about the 64 bytes common-name length limit about easy-rsa HOT 9 CLOSED

I've tried to change the

EASYRSA_DN to cn_only

then change the commonName_max of cn_only to 128 in openssl-easyrsa.cnf
still,the error exists:

Using SSL:
* openssl OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)
-----
Error making certificate request
4077017C547F0000:error:06800097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:crypto/asn1/a_mbstr.c:106:maxsize=64

from easy-rsa.

Also, try changing easyrsa:6242:

commonName_max		= 64

from easy-rsa.

Also, try changing easyrsa:6242:

commonName_max		= 64

have you tried? I can't make it work

from easy-rsa.

The max appears to be 64.

from easy-rsa.

your CloudConnexa of OpenVPN allows a common name to longer than 64 bytes

from easy-rsa.

The EasyRSA commonName 64 character limit is sufficient for sensible requirements.

from easy-rsa.

Taking ASCII characters 0-9 and a-z gives a naming pool of:

36^64 = 4×10⁹⁹

More than enough.

from easy-rsa.

Taking ASCII characters 0-9 and a-z gives a naming pool of:

36^64 = 4×10⁹⁹

More than enough.

@TinCanTech

If you use OpenVPN web auth, you will find out that every device has a device ID in the form of UUID, which is 36 bytes long

to distinguish every device with different devices with different common name, usually an enterprise email address is prefixed as a part of a common name, Just like what CloudConnexa of OpenVPN does.
for example

[email protected]/2BB779C3-7765-46AA-9EB2-8E9BFC0500D8

tata, exceed 64bytes~

from easy-rsa.

CloudConnexa obviously have their own solution.

from easy-rsa.