Environment
Privileged Account Manager
Situation
Unable to create a Certificate Signing Request (CSR) from the Hosts Console
The following browser dialog error when requesting a certificate for the framework manager console:
Failed to create certificate request
The following is found in the unifid.log:
Error, Error adding attribute countryName to request
Info, SSL Error: error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long
Info, admin certRequest client:localhost user:admin@<hostname>(137.65.60.249) rc:0 status:500(Failed to create certificate request) (66ms)[42078208:42078208]<90112><327680>
Info, SSL Error: error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long
Info, admin certRequest client:localhost user:admin@<hostname>(137.65.60.249) rc:0 status:500(Failed to create certificate request) (66ms)[42078208:42078208]<90112><327680>
Resolution
The Country field of a Certificate Signing Request should be a 2-character ISO format country code.
More details can be found from documentation provided by the Certificate Authority (CA).
The following is a list of SSL Certificate Country Codes provided by Digicert as an example:
Cause
Invalid details provided in conflict with the certificate authority documentation.