How do I increase my CSR keysize to 2048-bits in Sun One WebServer 6.1?

Problem

How do I increase my CSR keysize to 2048-bits in Sun One WebServer 6.1?

Resolution

Sun One WebServer contains a GUI that allows you to quickly create a CSR.  The problem with this GUI is that in older versions of Sun One WebServer, the keysize for this CSR defaults to 1024-bits.  The steps below will allow you to create a CSR with a 2048-bit length.

  1. Log on to the web server that you want to create the CSR for.

  2. Open a command prompt and go to the Sun ONe Web Server admin bin directory (i.e. c:\Sun\WebServer6.1\bin\https\admin\bin)

  3. Run the following command:

  4. certutil -R -s "CN=www.mydomain.com,OU=My Department,O=My Organisation,L=My Locality,ST=My State,C=My Country" -a -o mycsr.csr -k rsa -g 2048 -d (location of Sun One WebServer directory)\alias -P https-yourdomain -Z SHA1

    Note: You must change the value of the CN, OU, O, L, ST and C fields in bold to suit your website and company's information.  You must also change the value of the -P option to suit the web instance (i.e. c:\Sun\WebServer6.1\alias).  Finally you much change the name of the alias 'yourdomain' in bold.

    Before the request file is created, the Certificate Database Tool will prompt you for a password for the keydb.

  5. You will then be asked to type on the keyboard to create a random seed.  You can simply type random characters on your keyboard until the meter is full.  Press enter when prompted.

  6. Open up the mycsr.csr file that you created using a simple text editor such as notepad.  Copy the entire contents of the file and submit it to QuoVadis.

Add Feedback