Intrusion Prevention


SSL Certificate Import Error: ssl_add_key_get_id: key size (7320) is out of limit (4096)

  • 1.  SSL Certificate Import Error: ssl_add_key_get_id: key size (7320) is out of limit (4096)

    Posted 07-16-2010 02:35

    Hello,

     

    I'm trying to add SSL decryption to an IDP75 for a Lotus Domino web server, however I get the above error when trying to import the key.

     

    Process thus far:

    • Exported the SSL keypair from the Domino .kyr file to a pkcs12 file using an old IBM Key Management tool
    • FTPed the new key (export.p12) to the IDP sensor
    • Ran command 'openssl pkcs12 -in export.p12 -out export.txt -nodes', this requested password then MAC verified OK
    • Ran command 'chmod 777 export.txt'
    • Ran command 'scio ssl add key export.txt server IP address'

    This then returns the following error: Error: ssl_add_key_get_id: key size (7320) is out of limit (4096)

     

    IDP version is 4.1.112010

     

    Can anyone offer any advice on overcoming this issue?

     

    Thanks,

     

    Nick

     



  • 2.  RE: SSL Certificate Import Error: ssl_add_key_get_id: key size (7320) is out of limit (4096)
    Best Answer

    Posted 07-16-2010 04:25

    Hello again,

     

    Just thought I'd update and let you know I fixed the problem :)

     

    I added the '-clcerts' switch to the openssl command, which outputs only the client's certs, not the CA's.

     

    openssl pkcs12 -in export.p12 -clcerts -out export.pem

     

    Everything seems to be working correctly.... very chuffed

     

    Nick
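
A pre-flight check for the situation in this thread, as an added example that is not part of the original posts or of the IDP tooling: it reports the byte size and the number of certificate and private-key blocks in a PEM file, so a full-chain export can be told apart from a `-clcerts` export before import. It assumes the 4096 limit in the error message applies to the byte size of the imported file; `pem_report` and `make_block` are hypothetical helper names, and the PEM blocks are constructed placeholders.

```shell
#!/bin/sh
# Added example: pre-flight check of a PEM file before 'scio ssl add key'.
# Assumption: the limit in the error (4096) applies to the byte size of the file.
LIMIT=4096

# pem_report FILE (hypothetical helper): prints byte size, PEM block counts, verdict.
pem_report() {
    [ -r "$1" ] || { echo "verdict=unreadable"; return 1; }
    bytes=$(wc -c < "$1" | tr -d ' ')
    # grep -c exits 1 on zero matches but still prints 0, hence '|| true'.
    certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true)
    keys=$(grep -c -E -e '-----BEGIN (RSA |ENCRYPTED )?PRIVATE KEY-----' "$1" || true)
    if [ "$keys" -eq 0 ]; then verdict=no_key
    elif [ "$bytes" -gt "$LIMIT" ]; then verdict=too_big
    else verdict=ok
    fi
    echo "bytes=$bytes certs=$certs keys=$keys verdict=$verdict"
}

# make_block LABEL NLINES: constructed placeholder PEM block (not a real key or cert).
make_block() {
    echo "-----BEGIN $1-----"
    i=0
    while [ "$i" -lt "$2" ]; do
        printf '%064d\n' 0
        i=$((i + 1))
    done
    echo "-----END $1-----"
}

# Demo on constructed files: key + server cert, then the same with two CA certs appended.
tmp=$(mktemp -d)
{ make_block 'PRIVATE KEY' 26; make_block CERTIFICATE 20; } > "$tmp/client.pem"
{ cat "$tmp/client.pem"; make_block CERTIFICATE 20; make_block CERTIFICATE 20; } > "$tmp/chain.pem"
for f in "$tmp/chain.pem" "$tmp/client.pem"; do
    echo "$(basename "$f"): $(pem_report "$f")"
done
rm -rf "$tmp"
```
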