000021495 - Certificate Management Protocol (CMP) Service only allows 512-2048 keysizes in RSA Keon Certificate Authority 6.5.1

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021495
Applies ToKeon Certificate Authority 6.5.1
Sun Solaris 2.8
Microsoft Windows 2000 Advanced Server
IssueCertificate Management Protocol (CMP) Service only allows 512-2048 keysizes in RSA Keon Certificate Authority 6.5.1
Error: "Invalid public key size. Minimum key size if 512 bits, and maximum size is 2048 bits."
Cause
RSA Keon Certificate Authority 6.5.1 is designed to support up to 4096 bit key sizes. Some code in the Certificate Management Protocol (CMP) server still had a limit set inside to only accept keysizes up to 2048. If a CMP client connects and requests a keysize greater than 2048, the error message is generated by the CMPServer and sent to the client.

NOTE: The specific client may not be able to display this message but this is the error which may be seen on a LAN trace if the negotiation between the CMP client and the Keon CMP Server is monitored.
ResolutionA drop-in patch is available from RSA Security Customer Support as KCA 6.5.1 hot fix build 234. This patch is cumulative and includes all official patches for KCA 6.5.1 up to build 234.
Legacy Article IDa23143

Attachments

    Outcomes