000021680 - How to create a System CA with 2048-bit encryption during a new installation of RSA Keon Certificate Authority

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000021680
Applies To: Keon Certificate Authority 6.5.1
Issue: How to create a System CA with 2048-bit encryption during a new installation of RSA Keon Certificate Authority
How to create RSA Keon Certificate Authority System CA with a key size of 2048
By default, RSA Keon Certificate Authority creates a System CA during installation with a key size of 1024.
Resolution: During the installation of the KCA, wait for the prompt that tells you the first part of the installation has completed and gives you a port number to write down. Before entering any configuration information, edit the \RSA_KeonCA\iws\iws-root\sinstall.xuda file and add the two [@CRYPTO_KEYSIZE=...] lines (highlighted in the original article) exactly as they are shown in the excerpt below:

<!-- Create System CA -->

 [@CRYPTO_KEYSIZE=2048]

      !if user-iname=""
          [@CN=System CA]
          [@nick=System CA]
      !else
          [@CN=[user-iname] System CA]
          [@nick=[user-iname] System CA]
      !endif

      [@CA_TYPE=1]
      <!-- [@TTL=1100] -->
      [@TTL=0:0:[%1100*86400]]

      <!-- create certDN string for the CA certificate -->

      [@comma:=,]
      [@certDN=]

      !if CN="DEFINED"
        !if CN!""
            [@tempCN=[CN]]
            !SubStrReplace( tempCN, [comma], "&comma;" )
            !SubStrReplace( tempCN, "=", "&equals;" )
            [@certDN=CN=[tempCN]]
        !endif
      !endif

      !if OU="DEFINED"
        !if OU!""
            [@tempOU=[OU]]
            !SubStrReplace( tempOU, [comma], "&comma;" )
            !SubStrReplace( tempOU, "=", "&equals;" )
            [@certDN=[certDN][?certDN!"":,:]OU=[tempOU]]
        !endif
      !endif

      !if O="DEFINED"
        !if O!""
            [@tempO=[O]]
            !SubStrReplace( tempO, [comma], "&comma;" )
            !SubStrReplace( tempO, "=", "&equals;" )
            [@certDN=[certDN][?certDN!"":,:]O=[tempO]]
        !endif
      !endif

      !if C="DEFINED"
        !if C!""
            [@tempC=[C]]
            !SubStrReplace( tempC, [comma], "&comma;" )
            !SubStrReplace( tempC, "=", "&equals;" )
            [@certDN=[certDN][?certDN!"":,:]C=[tempC]]
        !endif
      !endif

  !SetCryptoInfo( CRYPTO_MODULE, "", "", "", "", system-provider, system-pin, system-slot, system-cardset )     
  !CAGenerateKeypair("", "1", keyid)
  !if RESULT!"XrcOK"
   !GenError( RESULT, Unable to generate keypair. )
  !endif
  !SetCryptoInfo( CRYPTO_MODULE, system-provider, system-pin, system-slot, system-cardset, "", "", "", "" )   
  !CANewWithKeypair( "SystemDefault", "", [keyid] )
  !if RESULT!"XrcOK"
   !GenError( RESULT, Unable to create CA. )
  !endif

[@CRYPTO_KEYSIZE=1024]

      <!-- Set up vars need to create Admin CA -->
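
A way to confirm the edit before continuing the installation, as an added example that is not part of the RSA article or product: it checks that an active [@CRYPTO_KEYSIZE=2048] line precedes !CAGenerateKeypair and that [@CRYPTO_KEYSIZE=1024] follows !CANewWithKeypair. The function name, the trimmed sample text, and the assumption that the last assignment before key generation is the one that takes effect are all introduced here.

```python
import re

# Matches an active assignment only; a line wrapped in <!-- --> does not match.
ASSIGN = re.compile(r"^\s*\[@CRYPTO_KEYSIZE=(\d+)\]\s*$")

# Constructed sample: a trimmed copy of the excerpt above, not the full file.
SAMPLE = """<!-- Create System CA -->
 [@CRYPTO_KEYSIZE=2048]
      [@CA_TYPE=1]
  !CAGenerateKeypair("", "1", keyid)
  !CANewWithKeypair( "SystemDefault", "", [keyid] )
[@CRYPTO_KEYSIZE=1024]
      <!-- Set up vars need to create Admin CA -->
"""

def check_keysize_edit(text, want=2048, restore=1024):
    """Return a list of problems; an empty list means both lines are in place."""
    lines = text.splitlines()

    def find(needle, start=0):
        return next((i for i in range(start, len(lines)) if needle in lines[i]), -1)

    def sizes(lo, hi):
        return [int(m.group(1)) for m in map(ASSIGN.match, lines[lo:hi]) if m]

    start = find("<!-- Create System CA -->")
    keygen = find("!CAGenerateKeypair(", start + 1) if start >= 0 else -1
    newca = find("!CANewWithKeypair(", keygen + 1) if keygen >= 0 else -1
    if min(start, keygen, newca) < 0:
        return ["System CA block not found, or its markers are out of order"]
    admin = find("create Admin CA", newca + 1)
    end = admin if admin >= 0 else len(lines)

    problems = []
    # Assumption: the last assignment before key generation is the one used.
    before = sizes(start + 1, keygen)
    if not before or before[-1] != want:
        found = before[-1] if before else "nothing (default 1024)"
        problems.append(f"before !CAGenerateKeypair: want {want}, found {found}")
    after = sizes(newca + 1, end)
    if not after or after[-1] != restore:
        found = after[-1] if after else "nothing"
        problems.append(f"after !CANewWithKeypair: want {restore}, found {found}")
    return problems

if __name__ == "__main__":
    for problem in check_keysize_edit(SAMPLE) or ["OK: both CRYPTO_KEYSIZE lines are in place"]:
        print(problem)
```

To check a real installation, pass the contents of sinstall.xuda to check_keysize_edit() instead of SAMPLE.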
Legacy Article ID: a24330
