Submitted by mark_kendall on Thu, 01/20/2011 - 13:52
Operating system CentOS Linux 5.5
Webmin version 1.530
Virtualmin version 3.82.gpl GPL
Virtual Server > Server Configuration > Manage SSL Certificate > Signing Request
Filled in all fields (except 'Other domain names'), stuck with default key size (2048) and consistently got wrong key size errors from 2 different authorities. Tried again and manually entered 2048 in the key size and CSR accepted immediately.
Status:
Closed (fixed)
Comments
Submitted by JamieCameron on Thu, 01/20/2011 - 16:06 Comment #1
What key size is your CA reporting that the failing CSR has? The default in Virtualmin should always be 2048, unless changed at System Settings -> Virtualmin Configuration -> SSL settings -> Default SSL key size.
Submitted by mark_kendall on Thu, 01/20/2011 - 17:00 Comment #2
Unfortunately, the only error I received from either (QuickSSL Premium and AlphaSSL - Both free trials) was invalid key size errors without reporting the actual key size. Both errors stated that the key size must be equal or greater than 2048.
The System Settings -> Virtualmin Configuration -> SSL settings -> Default SSL key size = 2048 and has not been changed.
This is a fresh install and the first CSR to be created.
Submitted by JamieCameron on Thu, 01/20/2011 - 17:52 Comment #3
You can check to see what key size the CSR has with the command :
openssl req -in /path/to/ssl.csr -text | grep "RSA Public Key"Submitted by mark_kendall on Sun, 01/23/2011 - 07:03 Comment #4
RSA Public Key: (1024 bit)
[Attached] Screenshot of signing request screen and details
Submitted by JamieCameron on Sun, 01/23/2011 - 15:00 Comment #5
Ok, so it is clearly creating the key too small ...
What is the output from the following command on your system :
grep key_size /etc/webmin/virtual-server/configSubmitted by mark_kendall on Mon, 01/24/2011 - 13:14 Comment #6
key_size=1024
Submitted by JamieCameron on Mon, 01/24/2011 - 13:37 Comment #7
Ok, that corresponds to the setting in the UI at System Settings -> Virtualmin Configuration -> SSL settings -> Default SSL key size. You should change it from 1024 to 2048..
Submitted by mark_kendall on Tue, 01/25/2011 - 02:14 Comment #8
OK, Done that.
Many thanks Jamie, as always your help has been invaluable.
Submitted by JamieCameron on Tue, 01/25/2011 - 11:21 Comment #9
Ok, great!
Submitted by Issues on Tue, 02/08/2011 - 13:19 Comment #10
Automatically closed -- issue fixed for 2 weeks with no activity.