Created on 05-15-2017 10:21 PM
Affected versions:
1.2.x, 1.3.0
Symptoms:
2-way SSL setup fails with the error shown below. The error message appears in hst-server.log or hst-gateway.log.
INFO 2016-08-25 06:16:00,690 security.py:182 - Agent key not exists, generating request
INFO 2016-08-25 06:16:00,691 security.py:242 - openssl req -new -newkey rsa:1024 -nodes -keyout "/var/lib/smartsense/hst-agent/keys/hdp1-hrdd-vm1.akrocl34v0sjr9flwro4laslcd.gx.internal.cloudapp.net.key" -subj /OU=hdp1-hrdd-vm1.akrocl34v0sjr9flwro4laslcd.gx.internal.cloudapp.net/ -out "/var/lib/smartsense/hst-agent/keys/hdp1-hrdd-vm1.akrocl34v0sjr9flwro4laslcd.gx.internal.cloudapp.net.csr" was finished with exit code: 1 - an error occurred parsing the command options.
INFO 2016-08-25 06:16:00,711 security.py:188 - Agent certificate not exists, sending sign request
Reason:
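openssl does not support a SubjectName longer than 64 characters. The -subj value in the command above places the full host name in the OU field, and this host name exceeds that limit (the error below reports maxsize=64). SubjAltName should be used for longer host names.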
# openssl req -new -newkey rsa:1024 -nodes -keyout "./hdp1-hrdd-vm1.akrocl34v0sjr9flwro4laslcd.gx.internal.cloudapp.net.key" -subj /OU=hdp1-hrdd-vm1.akrocl34v0sjr9flwro4laslcd.gx.internal.cloudapp.net/ -out "./hdp1-hrdd-vm1.akrocl34v0sjr9flwro4laslcd.gx.internal.cloudapp.net.csr"
Generating a 1024 bit RSA private key
............++++++
....++++++
writing new private key to './hdp1-hrdd-vm1.akrocl34v0sjr9flwro4laslcd.gx.internal.cloudapp.net.key'
-----
problems making Certificate Request
140615247652520:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:a_mbstr.c:154:maxsize=64
Solution:
The fix, which uses SubjAltName for longer names, is available in 1.3.1. Upgrade from 1.2.x or 1.3.0 to 1.3.1 or above.
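
The approach named in the fix, shown as an added example that is not SmartSense's own code: a host name that fits stays in OU as in the failing command, and a longer one is carried in subjectAltName instead. The function names, the fixed OU value `hst-agent` and the 2048-bit key size are assumptions made for this example.

```shell
# Added example, not SmartSense code. Function names, the fixed OU "hst-agent"
# and the 2048-bit key size are assumptions made for this example.
MAX_ATTR_LEN=64   # limit reported by openssl above (maxsize=64)

# Succeeds when the name fits in one subject attribute such as OU.
fits_in_subject() {
    [ "${#1}" -le "$MAX_ATTR_LEN" ]
}

# Print an "openssl req" config: short names stay in OU as in the original
# command, long names move to subjectAltName and OU gets a fixed short value.
csr_config() {
    printf '[req]\nprompt = no\ndistinguished_name = dn\n'
    if fits_in_subject "$1"; then
        printf '[dn]\nOU = %s\n' "$1"
    else
        printf 'req_extensions = ext\n[dn]\nOU = hst-agent\n'
        printf '[ext]\nsubjectAltName = DNS:%s\n' "$1"
    fi
}

# Generate <dir>/<host>.key and <dir>/<host>.csr; returns openssl's exit code.
make_csr() {
    csr_config "$1" > "$2/req.cnf" || return 1
    openssl req -new -newkey rsa:2048 -nodes -config "$2/req.cnf" \
        -keyout "$2/$1.key" -out "$2/$1.csr" 2>/dev/null
}

# Show the subject and any DNS names carried by a CSR.
csr_names() {
    openssl req -in "$1" -noout -text | grep -E 'Subject:|DNS:'
}

# Host name from the log above, longer than 64 characters.
HOST="hdp1-hrdd-vm1.akrocl34v0sjr9flwro4laslcd.gx.internal.cloudapp.net"
if command -v openssl >/dev/null 2>&1; then
    tmp=$(mktemp -d) && make_csr "$HOST" "$tmp" && csr_names "$tmp/$HOST.csr"
    rm -rf "$tmp"
fi
```

Whatever signs the resulting CSR must be configured to copy the requested extensions into the certificate, otherwise the subjectAltName is dropped at signing time.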