I've posted on the tideway forum as well, but I wanted to see if anyone here might be using ADDM and have seen this same issue.
We have been looking for a solution to this one for several days and haven't found one. When we use the https option under Administration to generate a csr, when we upload it to Verisign to get a cert, we get an error: Error 600d - Weak key The submitted CSR contains a weak key. For all non-Extended Validation certificates, a minimum 768-bit key is required. 1024-bit or greater is strongly recommended. For 1-year Extended Validation certificates requested by December 31, 2009, a minimum 1024-bit key is required. A 2048-bit or stronger key is strongly recommended. After December 31, 2009, a 2048-bit or stronger key is required for all EV certificates. For 2-year Extended Validation certificates, a minimum 2048-bit key is required. I changed the default bits in /usr/tideway/etc/https/openssl.conf from 1024 to 2048 and it didn't help (I restarted httpd and the application after doing that). [ req ] default_bits = 2048 We've changed ssl.conf from SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW to SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:!MEDIUM:!LOW and then restarted the appliance after doing this. No dice. Anyone know how to fix this? Or what command ADDM runs when it generates this csr? Anne Ramey *********************************** E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties only by an authorized State Official. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug10 www.wwrug.com ARSlist: "Where the Answers Are"
