During Symantec Directory Manager installation we may find the following errors in the installation log:
Country Name (2 letter code) []:State or Province Name (full name) []:Organization Name (eg, company) []:Organizational Unit Name (eg, section) []:Common Name (eg, your dxagent client name or your dxagent servers hostname) []:problems making Certificate Request
140403148863296:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:crypto/asn1/a_mbstr.c:107:maxsize=64
After this error during installation we cannot access Directory Manager webpage.
Release : 14.x
Component : CA Directory
This problem is caused by a very long fully qualified domain name (FQDN) of the machine where Symantec Directory Manager is installed.
Directory Manager server certificate and SCIM client certificate may be affected.
This error may be reported when Symantec Directory Manager installer generates Directory Manager server certificate and SCIM client certificate
As a result, the Directory Manager and SCIM services can be started but cannot function correctly.
To fix the problem corresponding certificates need to be re-generated manually, using simple hostname instead of FQDN
Please see the following document, which explains how to re-generate the Directory Manager certificates:
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-1/administrating/troubleshooting-ca-directory/creating-directory-manager-certificates-after-expiration.html#concept.dita_db7516a1-cc62-43ef-91dc-9c91309f6867_CA_Linux
When editing create_webserver_certificate_fqdn.sh file as per the above document (step 5), use a hostname to replace both __HOSTNAME__ and __HOSTNAME_FQDN__ strings, not an FQDN.
Please note that the above document does not explain how to re-generate SCIM client certificate.
Please see the following KB article for the SCIM client certificate re-generation steps:
https://knowledge.broadcom.com/external/article/249679