Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-3935

Regression: Wrong key length used when creating keystore from public web

    Details

    • Issue discovered during:
      Another issue

      Description

      When issuing a keystore through the public web pages (via Enroll -> Create Keystore), allowed key size from certificate profile seems to be ignored if the certificate profile has only one key size selected. Instead of defaulting to that one key size, the GUI will attempt to generate RSA 2048-bit private key.

      Reproduction steps:

      1. Create end user certificate profile 'TestProfile' with 'Available bit lengths' set to 1024.

      2. Create end entity profile 'TestProfile' with available and default certificate profile set to 'TestProfile'.

      3. Add end entity 'testentity' using the 'TestProfile' end entity profile, setting the token type to 'jks'.

      4. Open public web page -> Enroll -> Create Keystore.

      5. Attempt to issue keystore for the end entity 'testentity'.

      Expected results:

      1. Keystore has been issued for 'testentity' end entity with RSA 1024-bit private key.

      Actual results:

      1. An error is reported:

      Username: testentity
      Invalid Key in request: Illegal key length: 2048.. Please supply a correct request.

      Additional information:

      If the certificate profile has multiple key lengths available, user will be prompted to select one, and all will work well. So, just to emphasize, this happens only if a single key size has been selected in certificate profile.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mikek Mike Agrenius Kushner
              Reporter:
              branko Branko Majic (Inactive)
              Verified by:
              Tomas Gustavsson
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: