For a 2004 software combination (which means a 2004 webserver) it is letting out a CSR with a 1024 key length. The company we have been purchasing the SSLs from requires a 2048 bit key length. It it possible to convert a 1024 CSR to 2048?
The webserver is "Sun ONE Web Server 6.1". This will be phased out, but we will not be upgrading all of these right away.
I have attempted creating a csr directly from the keyfile but this is what I get
#/opt/SUNWwbsvr/bin/https/jdk/bin/keytool -certreq -keyalg RSA -file /tmp/test.csr -keystore /opt/SUNWwbsvr/alias/https-domainname-hostname-cert8.db
keytool error: java.io.IOException: Invalid keystore format
#/opt/SUNWwbsvr/bin/https/jdk/bin/keytool -certreq -keyalg RSA -file /tmp/test.csr -keystore /opt/SUNWwbsvr/alias/https-domainname-hostname-key3.db
keytool error: java.io.IOException: Invalid keystore format
#
I expected it to ask for a password, but that did not happen.
I am hoping there will be a way to either access the key store directly and get what I need or a way to convert my CSR from 1024 bits to 2048 bits before sending it on to the SSL company.
Best Answer
I'm afraid that what you're asking is not possible, there's no cryptographic way of making a 1024 bit sign a csr for a 2048 bit, and it's not desirable either.
You don't really have to go up to 2048 bit if your server doesn't allow you to, there's plenty of companies that will sell you a 1024 bit certificate, or you can even ask your current company for a 1024 bit certificate or else you'll find someone else.
Hope the answer gives you some insight in the matter!