Community Articles

Affected versions:

1.2.x, 1.3.0

Symptoms:

2-way ssl setup fails with an error as given below. This error message is available in hst-server.log or hst-gateway.log

INFO 2016-08-25 06:16:00,690 security.py:182 - Agent key not exists, generating request
INFO 2016-08-25 06:16:00,691 security.py:242 - openssl req -new -newkey rsa:1024 -nodes -keyout "/var/lib/smartsense/hst-agent/keys/hdp1-hrdd-vm1.akrocl34v0sjr9flwro4laslcd.gx.internal.cloudapp.net.key" -subj /OU=hdp1-hrdd-vm1.akrocl34v0sjr9flwro4laslcd.gx.internal.cloudapp.net/ -out "/var/lib/smartsense/hst-agent/keys/hdp1-hrdd-vm1.akrocl34v0sjr9flwro4laslcd.gx.internal.cloudapp.net.csr" was finished with exit code: 1 - an error occurred parsing the command options.
INFO 2016-08-25 06:16:00,711 security.py:188 - Agent certificate not exists, sending sign request 

Reason:

openssl does not support SubjectName longer than 64 chars. SubjAltName should be used for longer host names.

#openssl req -new -newkey rsa:1024 -nodes -keyout "./hdp1-hrdd-vm1.akrocl34v0sjr9flwro4laslcd.gx.internal.cloudapp.net.key" -subj /OU=hdp1-hrdd-vm1.akrocl34v0sjr9flwro4laslcd.gx.internal.cloudapp.net/ -out "./hdp1-hrdd-vm1.akrocl34v0sjr9flwro4laslcd.gx.internal.cloudapp.net.csr"
Generating a 1024
bit RSA private key ............++++++
....++++++ writing new
private key to './hdp1-hrdd-vm1.akrocl34v0sjr9flwro4laslcd.gx.internal.cloudapp.net.key' ----- 

problems making Certificate Request

140615247652520:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:a_mbstr.c:154:maxsize=64

Solution:

This fix to use SubjAltName for longer names is available in 1.3.1. Upgrade from 1.2.x or 1.3.0 to 1.3.1 or above.