SSL – Access keystore on Sun ONE Webserver 6.1 for 2048-bit key length SSL

Tags: java, keystore, ssl, sun-one, web-server

We want to get 2048 bit key length CSR requests. The browser based GUI provides us with a 1024 bit CSR and I don't know how to change that.

It seems that 1024-bit key lengths will no longer be supported by SSL companies. (Lower-cost options only support 2048-bit. Thawte, who is much more expensive, says they accept 1024 for only one- or two-year certificates, but not 3.) The legacy systems in question are running Sun ONE Webserver 6.1. Upgrading would be time consuming and we would rather not have to do that right now. We will be phasing these out, but it will take a while, so…

Got it!!

http://middlewarekb.wordpress.com/2010/06/30/how-to-generate-2048-bit-keypair-using-sun-one-or-iplanet-6-1-servers/

It is for the same version of the webserver I am using.

/opt/SUNWwbsvr/bin/https/admin/bin/certutil -R -s "CN=sub.domain.ext,OU=org unit,O=company name,L=city,ST=spelled state,C=US,E=email" -a -k rsa -g 2048 -v 12 -d /opt/SUNWwbsvr/alias -P https-sub.domain.ext-hostname- -Z SHA1

Previous efforts edited out.
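Once `certutil -R -a` has written the request, the check worth doing before sending it to the CA is that the CSR really carries a 2048-bit modulus rather than the GUI's 1024-bit one. The following is an added example, not code from the question or the linked post: a stdlib-only Python parser that walks the PKCS#10 DER just far enough to read the RSA modulus size, plus a `sample_csr` helper (hypothetical; it builds a constructed, unsigned stand-in CSR with a dummy modulus) so it runs offline. Feed `csr_key_bits` the text of the `.csr` file certutil produced.

```python
import base64, re

def _tlv(buf, pos):
    """Decode one DER TLV header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _children(buf, start, end):
    """Yield (tag, value_start, value_end) for each TLV nested in a constructed value."""
    while start < end:
        tag, vs, ve = _tlv(buf, start)
        yield tag, vs, ve
        start = ve

def csr_key_bits(pem):
    """Return the RSA modulus size in bits of a PEM-encoded PKCS#10 CSR."""
    der = base64.b64decode(re.sub(r"-----[^-]+-----|\s", "", pem))
    _, cs, ce = _tlv(der, 0)                           # CertificationRequest
    _, is_, ie = next(_children(der, cs, ce))          # CertificationRequestInfo
    _version, _subject, spki = list(_children(der, is_, ie))[:3]
    _alg, bitstr = _children(der, spki[1], spki[2])    # AlgorithmIdentifier, BIT STRING
    _, rs, re_ = _tlv(der, bitstr[1] + 1)              # skip unused-bits byte -> RSAPublicKey
    _, ms, me = next(_children(der, rs, re_))          # modulus INTEGER
    return int.from_bytes(der[ms:me], "big").bit_length()

def _der(tag, content):
    """Minimal DER encoder, used only to build the constructed sample below."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def _der_int(v):
    b = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
    return _der(0x02, (b"\x00" if b[0] & 0x80 else b"") + b)   # keep INTEGER positive

def sample_csr(bits):
    """Constructed stand-in CSR: dummy modulus of exactly `bits` bits, empty subject, zero signature."""
    rsa_alg = _der(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")  # rsaEncryption
    rsa_pub = _der(0x30, _der_int((1 << (bits - 1)) | 1) + _der_int(65537))
    spki = _der(0x30, rsa_alg + _der(0x03, b"\x00" + rsa_pub))
    cri = _der(0x30, _der_int(0) + _der(0x30, b"") + spki + _der(0xA0, b""))
    sig_alg = _der(0x30, bytes.fromhex("06092a864886f70d010105") + b"\x05\x00")  # sha1WithRSA
    csr = _der(0x30, cri + sig_alg + _der(0x03, b"\x00" * (bits // 8 + 1)))
    pem = base64.encodebytes(csr).decode()
    return "-----BEGIN NEW CERTIFICATE REQUEST-----\n%s-----END NEW CERTIFICATE REQUEST-----\n" % pem
```

The parser ignores the signature, so it reports the key size of a CSR whether or not the request verifies; it only answers the "is this really 2048 bits" question.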

Best Answer

I don't have anywhere I can test this, so it's mostly thoughts on what I'd try...

First, back up cert8.db and key.db somewhere. Then delete the originals and try making something new:

% certutil -S -x -n nickname -t "u,u,u" -v num_of_valid_months -s subjectDN -d /opt/SUNWwbsvr/alias -P https-sub.domain.ext-hostname- [-h tokenname]

I'm looking through the possibilities at: http://developers.sun.com/appserver/reference/techart/keymgmt.html

Does that work? Does the following then work?

certutil -L -d /opt/SUNWwbsvr/alias -P https-sub.domain.ext-hostname-

If so, what happens if you restart the web server? Does it like the new cert? If it likes the cert, you could then try creating a signing request instead with 2048 bits.