As described in Strimzi#1694, openSSL cannot create TLS users with username (=> the CN in the certificate subject) longer than 64 characters. Fixing that would be fairly complicated, so at this point we should at least do a real error handling for it.