X509 Certificate Modifying Distinguished Name Field

Question

Due to size limitation, I would like to alter OpenSSL configuration file so then I would be able to generate smaller x509 certificates. Is it possible? If so, I would like to have a Pseudo ID instead of all distinguished name fields. When I want to generate a self-signed certificate using the new modified config file, it gives me an error:

error, no objects specified in config file problems making Certificate Request 29749:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:a_object.c:109:

Any tip would be appreciated.

Answer 1

I don't know if this specifically answers your question regarding "generating smaller x509 certificates and whether it is possible"... However, I was getting the same error as you are getting about "first num too large". Immediately afterward, I would have a subsequent error regarding "invalid field name ... countryName_default". What I did was find "countryName_default" and comment it out. Then I would get a new error regarding "invalid field name ... countryName_min" So I commented that out. In total, I commented out the following items (below), and then I stopped getting all errors including the error that you described. It seemed to work after that. Here are the items I commented out:

• countryName_default
• countryName_min
• countryName_max
• stateOrProvinceName_default
• 0.organizationName_default
• organizationalUnitName
• organizationalUnitName_default
• commonName_max
• emailAddress_max
• challengePassword_min
• challengePassword_max