At what level did you create the key? 512? 1024? 2048? initially On Thu, Oct 7, 2010 at 1:37 PM, Ramey, Anne <anne.ra...@nc.gov> wrote:
> ** > > I’ve posted on the tideway forum as well, but I wanted to see if anyone > here might be using ADDM and have seen this same issue. > > > > We have been looking for a solution to this one for several days and > haven’t found one. When we use the https option under Administration to > generate a csr, when we upload it to Verisign to get a cert, we get an > error: > Error 600d – Weak key > The submitted CSR contains a weak key. > > For all non-Extended Validation certificates, a minimum 768-bit key is > required. 1024-bit or greater is strongly recommended. > > For 1-year Extended Validation certificates requested by December 31, 2009, > a minimum 1024-bit key is required. A 2048-bit or stronger key is strongly > recommended. After December 31, 2009, a 2048-bit or stronger key is required > for all EV certificates. > > For 2-year Extended Validation certificates, a minimum 2048-bit key is > required. > > I changed the default bits in /usr/tideway/etc/https/openssl.conf from 1024 > to 2048 and it didn’t help (I restarted httpd and the application after > doing that). > [ req ] > default_bits = 2048 > > We’ve changed ssl.conf from > SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW > to > SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:!MEDIUM:!LOW > and then restarted the appliance after doing this. No dice. > > Anyone know how to fix this? Or what command ADDM runs when it generates > this csr? > > > > > > Anne Ramey > > *********************************** > > *E-mail correspondence to and from this address may be subject to the > North Carolina Public Records Law and may be disclosed to third parties only > by an authorized State Official.* > > > _attend WWRUG10 www.wwrug.com ARSlist: "Where the Answers Are"_ -- Patrick Zandi _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"