harbor: install.sh Fail to generate key file

I’m installing v1.1.2 on a fresh debian 9, install.sh failed with the following output:

$ sudo ./install.sh

[Step 0]: checking installation environment ...

Note: docker version: 17.06.0

Note: docker-compose version: 1.14.0

[Step 1]: loading Harbor images ...
Loaded image: vmware/harbor-jobservice:v1.1.2
Loaded image: vmware/nginx:1.11.5-patched
Loaded image: photon:1.0
Loaded image: vmware/notary-photon:server-0.5.0
Loaded image: vmware/notary-photon:signer-0.5.0
Loaded image: vmware/harbor-adminserver:v1.1.2
Loaded image: vmware/harbor-ui:v1.1.2
Loaded image: vmware/harbor-log:v1.1.2
Loaded image: vmware/harbor-db:v1.1.2
Loaded image: vmware/registry:2.6.1-photon
Loaded image: vmware/harbor-notary-db:mariadb-10.1.10


[Step 2]: preparing environment ...
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/app.conf
Generated configuration file: ./common/config/ui/app.conf
Fail to generate key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt

After reading the prepare script and added some debugging print() calls, I found the following command failed:

$ sudo openssl  req -new -x509 -key ./common/config/ui/private_key.pem -out ./common/config/registry/root.crt -days 3650 -subj '/C=/ST=/L=/O=/CN=
/'
problems making Certificate Request
139925692761344:error:0D07A098:asn1 encoding routines:ASN1_mbstring_ncopy:string too short:../crypto/asn1/a_mbstr.c:102:minsize=2

I changed empty_subj to / and successfully run ./prepare.

openssl version is:

$ openssl version
OpenSSL 1.1.0f  25 May 2017

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Reactions: 8
  • Comments: 18 (4 by maintainers)

Most upvoted comments

to fix this on Debian 9 just edit prepare script and change: empty_subj = "/C=/ST=/L=/O=/CN=/" to empty_subj = "/"

works like a charm here

+37
teknologist on Jan 26, 2018

the issue is also present in the latest ubuntu LTS (18.04).

+9
jouve on May 14, 2018

debian 9 same issue,the issue maby OpenSSL not allow empty subject.

+3
sdandroid on Aug 14, 2017

the issue is also present in the latest ubuntu LTS (18.04).

the workaroud same as the answer who @teknologist replied.

+2
barryz on Jul 18, 2019

Same on Debian Buster. Thing is I’m not even using SSL so why is it even attempting to generate them?

+1
bweston92 on Jan 4, 2018

same issue on on deepin linux 4.9.29-4.

+1
pppoke on Dec 1, 2017
Read more comments on GitHub
← harbor: High CPU usage (core and database) after 2.2.0 upgrade
harbor: Internal TLS not working when tutorial followed 2.0.0 →