Chef12 pivotal certificate


Ohai Chefs!

I’m exploring a way to self-generate the /etc/opscode secrets with Chef12, and noticed that the pivotal user’s certificate has a CN with a format “URI:{UUID}” where UUID is a 36 character string.
This CN turns out to be 65 characters, which is 1 more than the 64 character limit imposed by OpenSSL.

OpenSSL gives an error message similar to the following:
string is too long, it needs to be less than 64 bytes long
problems making Certificate Request

While I’m sure this isn’t a problem in practice (I can put anything in the CN, after all), I wanted to bring it to your attention.