This discussion is archived
3 Replies Latest reply: May 18, 2012 9:55 AM by 771150 RSS

SSL certificate change from 1024 bit to 2048 bit

user12028432 Newbie
Currently Being Moderated
Hi ,

We want tot migrate from 1024 bit to 20468 bit certificates in sunone webserver 6.1 .
But there is no option in security tab to perform the same in request new certificate .

Found in google that we need to use certutil tool from operating system level .
Can some one provide me the steps to perform the same.
Also can i keep one of the certificates 1024 bit and the other ones 2048 bit ?


Regards
Madhav
  • 1. Re: SSL certificate change from 1024 bit to 2048 bit
    878004 Newbie
    Currently Being Moderated
    Hi we're looking for the same solution. Hope someone can provide a procedure.

    Thanks in advance,

    Jojo S
  • 2. Re: SSL certificate change from 1024 bit to 2048 bit
    handat Expert
    Currently Being Moderated
    read the instructions here on how to use certutil: http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html

    Basically, you need to run certutil with the -R option to generate a CSR which you then send to your CA and make sure you specify the same information as your existing certifcate.

    eg: certutil -R -s myserver.com -o cert-request-file-myserver.csr -d <dir containing db files> -a -g 2048

    Once you receive your certificate, you can use the -A option to import the new one. Renewal does not work in the old version of the web server so you will need to reconfigure your web server to use the new certificate instead of your old one once it is imported.

    eg: certutil -A -n myserver -t "p,p,p" -d <dir containing db files> -a -i certificate.pem
  • 3. Re: SSL certificate change from 1024 bit to 2048 bit
    771150 Newbie
    Currently Being Moderated
    In the examples above, don't I need to pass the certificate key to certutil as a parameter when creating the request and installing the new certificate, or am I misunderstanding?

    Also, after the new cert is installed, is there any configuration changes we have to make in order to authenticate clientes using their certificates? We're using Sun One 6.1.

    Thanks in advance.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points