Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-21252

Hostnames longer than 64 characters fail with a cryptic error

XMLWordPrintable

    • Rocket
    • False
    • Low
    • sat-rocket
    • None
    • None
    • None
    • None

      When using a long hostname, such as redhat-vm-a6dddba8-7cb2-11ee-81ea-0a580a810e0c.4ugcs33ca35ufajid5bu2poi5h.bx.internal.cloudapp.net the installer fails with:

      2023-11-06 15:57:14 [ERROR ] [configure] Execution of '/bin/katello-ssl-tool --gen-ca --dir /root/ssl-build -p file:/etc/pki/katello/private/katello-default-ca.pwd --force --ca-cert-dir /etc/pki/katello-certs-tools/certs --set-common-name redhat-vm-a6dddba8-7cb2-11ee-81ea-0a580a810e0c.4ugcs33ca35ufajid5bu2poi5h.bx.internal.cloudapp.net --ca-cert katello-default-ca.crt --ca-key katello-default-ca.key --ca-cert-rpm katello-default-ca --set-country US --set-state North Carolina --set-city Raleigh --set-org Katello --set-org-unit SomeOrgUnit --set-email  --cert-expiration 36500' returned 11: ERROR: Certificate Authority public SSL certificate generation failed:
2023-11-06 15:57:14 [ERROR ] [configure] 
2023-11-06 15:57:14 [ERROR ] [configure] problems making Certificate Request
2023-11-06 15:57:14 [ERROR ] [configure] 140206853097280:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:crypto/asn1/a_mbstr.c:107:maxsize=64

      The problem is that a common name may at most be 64 characters, per https://datatracker.ietf.org/doc/html/rfc5280#appendix-A.1 (look for ub-common-name-length). The subjectAltName has a limit of 255 so it doesn't suffer from this, but we rely on the CN in various places.

      We can provide a better error to the user.

              Unassigned Unassigned
              sat-sganar Shubham Ganar (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: