When issuing a keystore through the public web pages (via Enroll -> Create Keystore), the allowed key size from the certificate profile seems to be ignored if the certificate profile has only one key size selected. Instead of defaulting to that one key size, the GUI will attempt to generate an RSA 2048-bit private key.
Steps to reproduce:
1. Create end user certificate profile 'TestProfile' with 'Available bit lengths' set to 1024.
2. Create end entity profile 'TestProfile' with available and default certificate profile set to 'TestProfile'.
3. Add end entity 'testentity' using the 'TestProfile' end entity profile, setting the token type to 'jks'.
4. Open public web page -> Enroll -> Create Keystore.
5. Attempt to issue keystore for the end entity 'testentity'.
Expected result:
1. Keystore has been issued for 'testentity' end entity with RSA 1024-bit private key.
Actual result:
1. An error is reported:
Invalid Key in request: Illegal key length: 2048.. Please supply a correct request.
If the certificate profile has multiple key lengths available, the user will be prompted to select one, and all will work well. So, just to emphasize, this happens only if a single key size has been selected in the certificate profile.