Openssl: 1.1.1: certificate-request generation fails if 'STate' or 'OrganizationUnit' is empty

Created on 13 Sep 2018  ·  4 Comments  ·  Source: openssl/openssl

When trying to generate a certificate request, if either 'STate' or 'OrganizationUnit' is empty, I get this error message:
1:error:0D07A098:asn1 encoding routines:ASN1_mbstring_ncopy:string too short:crypto/asn1/a_mbstr.c:100:minsize=1
The same command works perfectly in 1.0.2

All 4 comments

What was the command that you used?

Failed command:

openssl req -reqexts v3_req \
  -nodes -verbose -new -out machine2.csr.pem -config certgen.tmp \
  -subj /C=HU/ST=/L=Budapest/O=ZSIN/OU=/CN=machine/[email protected] \
  -newkey rsa:2048 -keyout machine2.key.pem

Working version (with ST=XX,OU=XX):

openssl req -reqexts v3_req \
  -nodes -verbose -new -out machine2.csr.pem -config certgen.tmp \
  -subj /C=HU/ST=XX/L=Budapest/O=ZSIN/OU=XX/CN=machine/[email protected] \
  -newkey rsa:2048 -keyout machine2.key.pem

Instead of /ST=/, you should just drop it. They both have a
minimum requirement of a length of 1. But there is no reason to
add them if you don't need them.

Thank you, kroeckx, that helped.
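
The advice in this thread (drop empty attributes rather than passing `/ST=/`) can be scripted when the subject fields come from variables that may be empty. The following is an added example, not part of the original thread or of OpenSSL; `build_subj` and the `STATE`/`OU` variables in the usage comment are hypothetical names.

```shell
#!/bin/sh
# build_subj ATTR=value ... : print an `openssl req -subj` string that
# leaves out every attribute whose value is empty, so OpenSSL 1.1.1
# never sees a zero-length ST or OU (the "string too short" error).
build_subj() {
    subj=""
    for pair in "$@"; do
        # Each argument must look like ATTR=value
        case $pair in
            *=*) ;;
            *) printf 'build_subj: expected ATTR=value, got %s\n' "$pair" >&2
               return 2 ;;
        esac
        attr=${pair%%=*}    # text before the first '='
        value=${pair#*=}    # text after the first '='
        if [ -z "$attr" ]; then
            printf 'build_subj: missing attribute name in %s\n' "$pair" >&2
            return 2
        fi
        # Empty value: omit the attribute entirely
        [ -n "$value" ] || continue
        # Backslash-escape '\', '/' and '+', which the -subj parser
        # would otherwise treat as escape or separator characters
        esc=$(printf '%s' "$value" | sed 's|[\\/+]|\\&|g')
        subj="$subj/$attr=$esc"
    done
    if [ -z "$subj" ]; then
        printf 'build_subj: every attribute was empty\n' >&2
        return 1
    fi
    printf '%s\n' "$subj"
}

# Usage with the command from the thread (STATE and OU are hypothetical
# variables that may be empty; certgen.tmp is the poster's config file):
#   openssl req -reqexts v3_req -nodes -verbose -new \
#     -out machine2.csr.pem -config certgen.tmp \
#     -subj "$(build_subj C=HU ST="$STATE" L=Budapest O=ZSIN OU="$OU" CN=machine)" \
#     -newkey rsa:2048 -keyout machine2.key.pem
```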
