OpenSSL: first num too large - what does it mean and how to have it fixed?

Question

Here're my command to generate the certificate

 root@porteus:/mnt/sda1/porteus/base# openssl version 
 OpenSSL 1.0.2o 27 Mar 2018
 root@porteus:/mnt/sda1/porteus/base# openssl req -new -out wso2.csr -newkey rsa:2048 -nodes  -sha256 -keyout wso2.key -config /tmp/req.conf

 Error Loading extension section v3_req 2828282292:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:a_object.c:108: 2828282292:error:2206706E:X509 V3
 routines:V2I_EXTENDED_KEY_USAGE:invalid object identifier:v3_extku.c:142:section:,name:clientAtuth,value: 2828282292:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=extendedKeyUsage, value=serverAuth, clientAtuth

Here's the /tmp/req.conf

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = RU
ST = Moscow
L = Moscow
O = "Credit Swiss"
OU = IT
CN = wso2.endocs.ru
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAtuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = wso2.endocs.ru

What does it want and how to have the issue resolved?

You have a spelling error in "clientAuth". Perhaps related to that? — Matt Caswell, Sep 23 '20 at 21:52
@MattCaswell i think you hit bullseye , error message indicating the same *routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=extendedKeyUsage, value=serverAuth, clientAtuth* — confused genius, Sep 24 '20 at 04:51

score 1 · Answer 1 · answered Sep 24 '20 at 08:50

As identified by @MattCaswell above ,

cat openssl.cnf | grep extendedKeyUsage
extendedKeyUsage = serverAuth, clientAtuth

openssl req -new -out wso2.csr -newkey rsa:2048 -nodes  -sha256 -keyout wso2.key -config openssl.cnf

Error Loading request extension section v3_req
140460060510096:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:a_object.c:108:
140460060510096:error:2206706E:X509 V3 routines:V2I_EXTENDED_KEY_USAGE:invalid object identifier:v3_extku.c:142:section:,name:clientAtuth,value:
140460060510096:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=extendedKeyUsage, value=serverAuth, clientAtuth

After correcting the typo:

 cat openssl.cnf | grep extendedKeyUsage
extendedKeyUsage = serverAuth, clientAuth


 openssl req -new -out wso2.csr -newkey rsa:2048 -nodes  -sha256 -keyout wso2.key -config openssl.cnf
Generating a 2048 bit RSA private key
.......................................+++
............................+++
writing new private key to 'wso2.key'
-----

OpenSSL: first num too large - what does it mean and how to have it fixed?

1 Answers1