Skip to Content
Former Member
Jun 25, 2009 at 06:07 AM

Generating SSL Certificate Request with more than 512 bits



In our production BW system we are having SSL server certificate from a vendor and it was working so far without any issues and it getting expired soon. When we created new certificate request and sent to new vendor (our company is going for a new vendor from this time) they could not able to generate a response since they are expecting the request from our side to be

1024 bits after which we came to know from the note (509495) we need to insert two new parameters as follows:

sec/rsakeylengthdefault and sec/dsakeylengthdefault with 1024 as value and also we need to recreate the PSE to make this parameter activate and recreate the certificate request. Since we cannot do this in the running Production, we did the same type of scenario as testing in our quality BW system and recreated the certificate request and the vendor created a response and sent to us along with the root certificate and intermediate root certificate. We could able to export the Root and Intermediate CA certificates to the database but when we try to import the certificate response it is giving error as follows:

"CA certificate response cannot be imported"

We tried several combinations but it is giving same error everytime. The Release of the BW system in quality as well as productionis NW04 6.40 Kernel patch 196.

So we did similar testing in different BW system which is of Release NW04s 700 Kernel Patch 185 and it worked well.

Question: 1)Is there any restriction on NW04 system in terms of getting a certificate of more than 512 bits...

2) Is there anything else to be done apart from those 2 parameters before recreating the PSE ?