3 Replies Latest reply: May 18, 2012 11:55 AM by 771150 RSS

    SSL certificate change from 1024 bit to 2048 bit

      Hi ,

      We want tot migrate from 1024 bit to 20468 bit certificates in sunone webserver 6.1 .
      But there is no option in security tab to perform the same in request new certificate .

      Found in google that we need to use certutil tool from operating system level .
      Can some one provide me the steps to perform the same.
      Also can i keep one of the certificates 1024 bit and the other ones 2048 bit ?

        • 1. Re: SSL certificate change from 1024 bit to 2048 bit
          Hi we're looking for the same solution. Hope someone can provide a procedure.

          Thanks in advance,

          Jojo S
          • 2. Re: SSL certificate change from 1024 bit to 2048 bit
            read the instructions here on how to use certutil: http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html

            Basically, you need to run certutil with the -R option to generate a CSR which you then send to your CA and make sure you specify the same information as your existing certifcate.

            eg: certutil -R -s myserver.com -o cert-request-file-myserver.csr -d <dir containing db files> -a -g 2048

            Once you receive your certificate, you can use the -A option to import the new one. Renewal does not work in the old version of the web server so you will need to reconfigure your web server to use the new certificate instead of your old one once it is imported.

            eg: certutil -A -n myserver -t "p,p,p" -d <dir containing db files> -a -i certificate.pem
            • 3. Re: SSL certificate change from 1024 bit to 2048 bit
              In the examples above, don't I need to pass the certificate key to certutil as a parameter when creating the request and installing the new certificate, or am I misunderstanding?

              Also, after the new cert is installed, is there any configuration changes we have to make in order to authenticate clientes using their certificates? We're using Sun One 6.1.

              Thanks in advance.