Approving PKCS#10 requests with RSA key modulus set to a negative value
Originally Published: 2008-12-29
Article Number
Applies To
Issue
RSA Certificate Manager accepts PKCS#10 requests where RSA key modulus is set to a negative value, with no warning to end-user submitting the request or to vettor/administrator approving the request. A certificate can be issued from RSA Certificate Manager for such a PKCS#10 request.
Some applications do not accept certificates containing RSA keys with negative modulus
RFC 3447 PKCS #1: RSA Cryptography Specifications describe the RSA public key modulus and exponent components as positive integers.
RSAKeyimplementation in Java does not allow negative modulus:
http://www.jhbci.de/docs/0.0.6/src/de/cscc/crypto/provider/RSAPublicKeyImpl.java.html
Sun Developer Network site shows that JDK 5 may have been updated to allow negative modulus in existing certificates:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6255949
Resolution
Such PKCS#10 requests are automatically sent to the Refused queue. A vettor or administrator can issue certificates for such requests in the Refused queue. If certificates are issued, they are marked as having a negative modulus. RSA Secure Logging Server logs issuance of certificates where RSA key has negative modulus.
Notes
Related Articles
Change Requests fail with 'Error getting UniqueID The UniqueIDUpdateService returned a null value' error in RSA Identity G… Number of Views Unexpected error during command com.rsa.ucm.request.CompleteWorkflowRequestActionsCommand execution when approving token r… Number of Views SecurID: Unable to request Certificate for a Check Point Firewall through PKCS10 request in RSA Certificate Manager Number of Views How to update an Active Directory Account Attribute to have no value <not set> using an Active Directory AFX Connector in … Number of Views RSA Identity Governance & Lifecycle Attribute Change Rule for Managed Attributes with argument "Set to old value of" does … Number of Views
Trending Articles
Connection fails to Cloud Authentication Service when connecting through a proxy server from RSA Authentication Manager to… Downloading RSA Authentication Manager license files or RSA Software token seed records Unable to login to RSA Authentication Manager Security Console as super admin RSA Authentication Manager 8.9 Release Notes (January 2026) How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device
Don't see what you're looking for?
