It has been stated that "to meet industry standards and security best practices, 2048-bit private keys are required for all SSL and code signing certificates after 1 October, 2013. Therefore, any certificate whose validity period will extend past 1 October, 2013 must have a 2048-bit key or stronger."
However there have been some problems in generating a 2048-bit CSR. If you've attempted this and ended up with 2047 bits instead of 2048 bits, read on.
Problem
Your CSR is being rejected, and using our CSR decoder, you've discovered it's because it's not a 2048 bit request
Solutions
- Use another way to create a PFX/PKCS12/P12 (from an IIS, from an OpenSSL). Then import the PFX/PKCS12/P12 into iKeyman
- UPDATE the OS on IBM WebSphere
How to import keys from a PKCS12 file:
- Either start the Key Management utility in the IBM HTTP Server folder on Windows NT or enter iKeyman on a command line on Unix.
- Select Key Database File from the main UI, then select Open.
- In the Open dialog box, enter your key database name or click on key.kdb if you are using the default. Click OK.
- Enter your correct password in the Password Prompt dialog box, and click OK.
- Select Personal Certificates in the Key Database content frame, then click the Export/Import button on the label.
- In the Export/Import Key window:
- Select Import Key
- Select the PKCS12
- Enter the file name or use the Browse option
- Select the correct location
- Click OK.
- Enter your correct password in the Password Prompt dialog box and click OK