Fail during Install: problems making Certificate Request (string too short)

[FelixGerberding]

Hey there,

I've just installed api-umbrella via apt-get on Ubuntu 16.4 Xenial. The Installation was successful, but now I'm unable to start it (using sudo /etc/init.d/api-umbrella start).

sudo service api-umbrella status is returning the following error:

api-umbrella[27993]: ....+++
api-umbrella[27993]: writing new private key to '/opt/api-umbrella/etc/ssl/self_signed.key'
api-umbrella[27993]: -----
api-umbrella[27993]: problems making Certificate Request
api-umbrella[27993]: 140129515812608:error:0D07A098:asn1 encoding routines:ASN1_mbstring_ncopy:string too short:../crypto/asn1/a_mbstr.c:102:minsi
api-umbrella[27993]:    ...fail!

Do you have an Idea on how to fix this? If you need any additional information, just go ahead and tell me.

Best regards and thanks in advance,
Felix

[GUI]

I wasn't able to reproduce this on a fresh Xenial setup, but I have found various reports of similar errors on other projects, so hopefully this is something we can easily fix. So a couple quick questions:

• If you run openssl version what do you get?
• Are you able to run openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/C=/ST=/L=/O=API Umbrella/CN=apiumbrella.example.com' -keyout /tmp/self_signed.key -out /tmp/self_signed.crt? Or does that give the same error?
• If that generates an error, then what about trying openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/O=API Umbrella/CN=apiumbrella.example.com' -keyout /tmp/self_signed.key -out /tmp/self_signed.crt?

[FelixGerberding]

Thanks for replying, I'll try this as soon as possible.

[FelixGerberding]

openssl version => OpenSSL 1.1.0h 27 Mar 2018

openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/C=/ST=/L=/O=API Umbrella/CN=apiumbrella.example.com' -keyout /tmp/self_signed.key -out /tmp/self_signed.crt results in the same issue.

openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/O=API Umbrella/CN=apiumbrella.example.com' -keyout /tmp/self_signed.key -out /tmp/self_signed.crt seems to be working fine.

[GUI]

Have you installed a newer version of OpenSSL 1.1.0 manually or via some other package? The default version of OpenSSL on Ubuntu 16.04 Xenial should be 1.0.2g: https://packages.ubuntu.com/xenial/openssl

I can confirm this issue crops up if OpenSSL 1.1.0+ is installed on the system, though. So while I don't think this should be an issue for most installations since Ubuntu 16.04 shouldn't have this version of OpenSSL, this is something we'll need to fix. We'll plan to fix this in the next package release, which will also Ubuntu 18.04 Bionic support (where OpenSSL 1.1.0 is the default).

[urbels]

Came here from Google. This issue came with 18.04 upgrade.

[KawaiDesu]

Came here from Google too, but [with another question and] found solution at another place. Try to remove empty entries from -subj, like this:
openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/O=API Umbrella/CN=apiumbrella.example.com' -keyout /tmp/self_signed.key -out /tmp/self_signed.crt

Source

[GUI]

This should be fixed in API Umbrella's v0.15.1 release, which now supports Ubuntu 18.04 and OpenSSL 1.1. Thanks for the heads up!