none
certificate signing request fails with message request subject name is too long or invalid

    Question

  • some of the requests to my CA are failing with message subject  name is too long or invalid 0x80094001 (-2146877439).

    the error event says request was made for  (replaced values with X)

    OU="" + T="" + Description="" + C=XX + S=XX + SN=XX + PostalCode=XXXXXX + Phone=XXXXXXXXX +
    OID.X.X.X.XX=XXXXXXXX + CN=XXXXXX + L=XXXXXX XXXXX + G=XXXXXXXXXXXXX + E=XXXXXXXX.

    question:

    1. are these attributes correct values for DN?

    2. what is the default subject name char length for CA (on Windows 2008 R2)? Is there a way to configure my CA to have higher subject Name character length?


    singhhome

    Wednesday, June 20, 2012 6:41 PM

Answers

All replies

  • Hi Singhhome,

    Thanks for posting in Microsoft TechNet forums.

    I suggest we try Gargi's steps in the thread below to see if the error is still received:

    Certificate error 0x80094001 

    http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/cc868533-4549-4412-acb1-ea72e97ab368

    Regarding the error 0x80094001, please check the article below:

    Request for Certificate Is Denied and a "The Request Subject Name Is Invalid or Too Long" Error Message Occurs

    http://support.microsoft.com/kb/312344

    Regards

    Kevin 

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    TechNet Community Support

    Thursday, June 21, 2012 4:09 AM
  • Hi Singhhome,
     
    Just checking in to see if the information was helpful. Please let us know if you would like further assistance.
     
    Have a great day!

    Regards

    Kevin

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    TechNet Community Support

    Monday, June 25, 2012 4:11 AM
  • I suppose these are not correct, see http://technet.microsoft.com/en-us/library/cc772812(WS.10).aspx for list of supported DN components. Though the inf syntax is different.

    Regards

    Martin

    Monday, June 25, 2012 10:53 AM
  • issue was fixed after setting EnforceX500NameLengths to 0


    singhhome

    • Marked as answer by singhhome Monday, June 25, 2012 6:50 PM
    Monday, June 25, 2012 6:50 PM
  • Hi Singhhome,

    Thank you for sharing your solution with us. It can be helpful to other community members who face similar problems.

    Best Regards

    Kevin

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

       

    TechNet Community Support

    Tuesday, June 26, 2012 2:00 AM