Intrusion Prevention

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

SSL Certificate Import Error: ssl_add_key_get_id: key size (7320) is out of limit (4096)

Jump to Best Answer
  • 1.  SSL Certificate Import Error: ssl_add_key_get_id: key size (7320) is out of limit (4096)

    Posted 07-16-2010 02:35

    Hello,

     

    I'm trying to add SSL decryption to an IDP75 for a Lotus Domino web server, however I get the above error when trying to import the key.

     

    Process thus far:

    • Exported the SSL keypair from the Domino .kyr file to a pkcs12 file using an old IBM Key Management tool
    • FTPed the new key (export.p12) to the IDP sensor
    • Ran command 'openssl pkcs12 -in export.p12 -out export.txt -nodes', this requested password then MAC verified OK
    • Ran command 'chmod 777 export.txt'
    • Ran command 'scio ssl add key export.txt server IP address

    This then returns the following error: Error: ssl_add_key_get_id: key size (7320) is out of limit (4096)

     

    IDP version is 4.1.112010

     

    Can any one offer an advise in overcoming this issue?

     

    Thanks,

     

    Nick

     



  • 2.  RE: SSL Certificate Import Error: ssl_add_key_get_id: key size (7320) is out of limit (4096)
    Best Answer

    Posted 07-16-2010 04:25

    Hello again,

     

    Just thought I'd update and ley you know I fixed the problem Smiley Happy

     

    I added the '-clcerts' switch to the open ssl command which outputs only the clients certs not the ca's.

     

    openssl pkcs12 -in export.p12 -clcerts -out export.pem

     

    Everything seems to be working correctly.... very chuffed

     

    Nick