Access keystore on Sun ONE Webserver 6.1 for 2048 bit key length SSL

Posted by George Bailey on Server Fault See other posts from Server Fault or by George Bailey
Published on 2011-02-01T22:29:10Z Indexed on 2012/07/09 21:18 UTC
Read the original article Hit count: 315

Filed under:

webserver

|

ssl

|

java

|

sun-one

|

keystore

We want to get 2048 bit key length CSR requests. The browser based GUI provides us with a 1024 bit CSR and I don't know how to change that.

It seems that 1024 bit key lengths will no longer supported by SSL companies. (Lower cost options only support 2048 bit. Thawte who is much more expensive say they accept 1024 for only one or two year certificates, but not 3). The legacy systems in question are running Sun ONE Webserver 6.1. Upgrading would be time consuming and we would rather not have to do that right now. We will be phasing these out but it will take awhile, so...

Got it!!

http://middlewarekb.wordpress.com/2010/06/30/how-to-generate-2048-bit-keypair-using-sun-one-or-iplanet-6-1-servers/

It is for the same version webserver I am using.

/opt/SUNWwbsvr/bin/https/admin/bin/certutil -R -s "CN=sub.domain.ext,OU=org unit,O=company name,L=city,ST=spelled state,C=US,E=email" -a -k rsa -g 2048 -v 12 -d /opt/SUNWwbsvr/alias -P https-sub.domain.ext-hostname- -Z SHA1

Previous efforts edited out.

© Server Fault or respective owner

Related posts about webserver

Headers to set for AJAX calls in a custom webserver

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm writing a custom web server. When I enter the URL of my server in the browser, I get the sample text I write out to the socket in my browser correctly. This is the HTTP response that I write: HTTP/1.1 200 OK\r\n Server: My Server\r\n Date: Blah\r\n \r\n This is some sample text. This appears… >>> More
Erlang: 2 database on 2 webserver ??

as seen on Stack Overflow - Search for 'Stack Overflow'
I have created a blogging system with php+postgresql. Now I want to add a web chat ( in REAL TIME for Million of users simultaneously ) where every message is saved in database. I am thinking to use Erlang+Mnesia on a different webserver for this issue. Message's table will be like this: message_id… >>> More
Why is this mod_rewrite RewriteRule directive not working in the .htaccess file?

as seen on Server Fault - Search for 'Server Fault'
I've got a site that was hosted on a linux el cheapo hosting service that I'm migrating to my Mac OS X 10.5 Leopard Server server running Apache 2.2.8 & PHP 5.2.5 w/rewrite_module enabled and AllowOverride All, but I'm running into an issue with the following lines in the .htaccess file: RewriteEngine… >>> More
Why is this mod_rewrite RewriteRule directive not working in the .htaccess file?

as seen on Server Fault - Search for 'Server Fault'
I've got a site that was hosted on a linux el cheapo hosting service that I'm migrating to my Mac OS X 10.5 Leopard Server server running Apache 2.2.8 & PHP 5.2.5 w/rewrite_module enabled and AllowOverride All, but I'm running into an issue with the following lines in the .htaccess file: RewriteEngine… >>> More
How ISP or dns server find the nameserevr [on hold]

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I saw some articles about how DNS propagation happens.I know that ISP or DNS server(such as google public dns) cache the ip address of website which it uses to convert domain name to ip address. But my doubt is from where these ISP or dns serevr know which nameserver to go for particular domain name… >>> More

Related posts about ssl

Plesk SSL Certificate (Default cert when SSL enabled, CORRECT cert when SSL is disabled)

as seen on Server Fault - Search for 'Server Fault'
I'm running Plesk 8.6.0: I have an SSL cert installed through Plesk's admin interface. But I have a bit of an issue: When I enabled SSL for the site, and selected my cert, then restart httpd, Plesk defaults to using my self-signed default certificate. Conversely, when I disable SSL support for the… >>> More
apache renew ssl not working [on hold]

as seen on Server Fault - Search for 'Server Fault'
Downloaded a new ssl cert from go daddy and installed the cert on apache2 server put the cert in /etc/ssl/certs/ folder put the gd_bundle.crt in the /etc/ssl/ folder private key is in /etc/ssl/private/private.key I just replaced the original files with the new files, did not replace the private… >>> More
Cant connect to mysql using self signed SSL certificate

as seen on Server Fault - Search for 'Server Fault'
After creating a self-signed SSL certificate, I have configured my remote mysqld to use them (and ssl is enabled) I ssh into my remote server, and try connecting to its own mysqld using ssl (mysql server is 5.5.25).. ~> mysql -u <user> -p --ssl=1 --ssl-cert=client.cert --ssl-key=client… >>> More
How to log invalid client SSL certificate in SSL

as seen on Server Fault - Search for 'Server Fault'
I have a IIS web site which requires client certificate. I have turned off CRL checking. The client is unable to access the web site - he gets 403.17 (certificate expired) error. I would like to log the certificate he is using, becaue I think he is using the wrong certificate. Is there a way to… >>> More
Mixing SSL and non-SSL content in an Apache2 virtual host

as seen on Server Fault - Search for 'Server Fault'
I have a (hopefully) common scenario for one of my sites that I just can't seem to figure out how to deploy correctly. I have the following site and directories for example.com: These need to require SSL: /var/www/example.com/admin /var/www/example.com/order These need to be non-SSL: /var/www/example… >>> More