SSL Certificate Import Error: ssl_add_key_get_id: key size (7320) is out of limit (4096)

  • 1.  SSL Certificate Import Error: ssl_add_key_get_id: key size (7320) is out of limit (4096)

    Posted 07-16-2010 02:35

    Hello,

     

    I'm trying to add SSL decryption to an IDP75 for a Lotus Domino web server, however I get the above error when trying to import the key.

     

    Process thus far:

    • Exported the SSL keypair from the Domino .kyr file to a pkcs12 file using an old IBM Key Management tool
    • FTPed the new key (export.p12) to the IDP sensor
    • Ran command 'openssl pkcs12 -in export.p12 -out export.txt -nodes', this requested password then MAC verified OK
    • Ran command 'chmod 777 export.txt'
    • Ran command 'scio ssl add key export.txt server IP address'

    This then returns the following error: Error: ssl_add_key_get_id: key size (7320) is out of limit (4096)

     

    IDP version is 4.1.112010

     

    Can anyone offer any advice on overcoming this issue?

     

    Thanks,

     

    Nick

     



  • 2.  RE: SSL Certificate Import Error: ssl_add_key_get_id: key size (7320) is out of limit (4096)
    Best Answer

    Posted 07-16-2010 04:25

    Hello again,

     

    Just thought I'd update and let you know I fixed the problem.

     

    I added the '-clcerts' switch to the openssl command, which outputs only the client's certs, not the CA's.

     

    openssl pkcs12 -in export.p12 -clcerts -out export.pem

     

    Everything seems to be working correctly.... very chuffed

     

    Nick
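
A pre-import check for the exported PEM file, added here as an example and not part of the original posts: it reports the file size and counts certificate and private key blocks, so an export that still carries CA certificates is caught before running `scio ssl add key`. Treating the 4096 in the error message as a byte limit on the whole file is an assumption, and the function names and sample blocks are constructed for illustration.

```shell
#!/bin/sh
# LIMIT is the figure from the error message; reading it as a byte limit
# on the imported file is an assumption.
LIMIT=4096

# Count PEM blocks in file $1 whose BEGIN label matches the ERE in $2.
pem_count() {
    grep -Ec -- "^-----BEGIN $2-----" "$1" || true
}

# Report size and block counts for $1; return 1 if the import would likely fail.
check_pem() {
    f=$1
    status=0
    size=$(wc -c < "$f" | tr -d ' ')
    certs=$(pem_count "$f" 'CERTIFICATE')
    keys=$(pem_count "$f" '([A-Z]+ )?PRIVATE KEY')
    echo "$f: $size bytes, $certs certificate(s), $keys private key(s)"
    [ "$size" -le "$LIMIT" ] || { echo "  FAIL: larger than $LIMIT bytes"; status=1; }
    [ "$keys" -eq 1 ] || { echo "  FAIL: expected exactly one private key block"; status=1; }
    [ "$certs" -le 1 ] || echo "  HINT: CA/chain certificates present; re-export with -clcerts"
    return "$status"
}

# Emit a constructed (not real) PEM block: $1 = label, $2 = number of body lines.
pem_block() {
    echo "-----BEGIN $1-----"
    awk -v n="$2" 'BEGIN { while (length(l) < 64) l = l "A"
                           for (i = 0; i < n; i++) print l }'
    echo "-----END $1-----"
}

# Demo on constructed data: key + 3 certs (full export) versus key + 1 cert.
demo() {
    d=$(mktemp -d)
    { pem_block 'PRIVATE KEY' 26; pem_block CERTIFICATE 20
      pem_block CERTIFICATE 20; pem_block CERTIFICATE 20; } > "$d/full.pem"
    { pem_block 'PRIVATE KEY' 26; pem_block CERTIFICATE 20; } > "$d/clcerts.pem"
    check_pem "$d/full.pem" || true
    check_pem "$d/clcerts.pem" || true
    rm -rf "$d"
}

# With file arguments, check each one; with none, run the demo.
[ "$#" -gt 0 ] || demo
for f in "$@"; do check_pem "$f" || exit 1; done
```

Run it as `sh check_pem.sh export.pem` on the sensor or the workstation where the export was made.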