Openssl self signed certificate creation fails if namespace name is long

Hi,

I have given a long namespace name lets say more than 30 chars. In that case, OpenSSL fails because CN/SAN names go beyond defined limit of 64 chars for OpenSSL.

My deployment has a statefulset with 2 pods in it.

Certificate creation error:
problems making Certificate Request
140508779308864:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:crypto/asn1/a_mbstr.c:109:maxsize=64

cat /etc/hosts

Kubernetes-managed hosts file.

127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
fe00::0 ip6-mcastprefix
fe00::1 ip6-allnodes
fe00::2 ip6-allrouters
192.168.xx.xx **fqdn-deplo-0.**fqdn-deplo-svc-hl.creatingabignamespacetobreakthefqdn.svc.cluster.local fqdn-deplo-0

How can I get around this? Any suggestions.

podname: fqdn-deplo-0
namespace: creatingabignamespacetobreakthefqdn

Regards,
Sunil

1 Like