First of all, you should realise that regenerating a key is not a transparent operation. The CA (root) certificate contains the public half of signKey, so once signKey is regenerated the existing CA certificate no longer matches the key in the token: the CA cannot sign anything until it is renewed with the new key, and the new CA certificate has to be distributed to relying parties. Certificates that were already issued still chain to the old CA certificate. Regenerating defaultKey, which EJBCA uses for encryption and decryption (key recovery data, for example), means anything encrypted under the old key can no longer be decrypted. This impact can be managed and we will write about it a bit more.


However, if you decide that one or more keys need to be changed, there is a simple way to do it. The CA's crypto token uses a set of three keys (signKey, defaultKey and testKey) and each of them can be regenerated with a single command of the form pkcs11HSM.sh generate <PKCS#11 library> <key size> <key alias> <slot>. The commands are run with sudo -E -H -u jboss so that the token files SoftHSM writes stay owned by the user the application server runs as:


 sudo -E -H -u jboss /opt/ejbca_ce_6_3_1_1/bin/pkcs11HSM.sh generate /usr/lib64/softhsm/libsofthsm.so 2048 signKey 0

or

 sudo -E -H -u jboss /opt/ejbca_ce_6_3_1_1/bin/pkcs11HSM.sh generate /usr/lib64/softhsm/libsofthsm.so 2048 defaultKey 0

or

 sudo -E -H -u jboss /opt/ejbca_ce_6_3_1_1/bin/pkcs11HSM.sh generate /usr/lib64/softhsm/libsofthsm.so 1024 testKey 0


The length of RSA keys is currently limited to a selection of either 1024 or 2048 bits. Use 2048 bits for signKey and defaultKey: 1024-bit RSA is below today's minimum (NIST has deprecated it for signing since 2013 and browsers reject CA keys shorter than 2048 bits). The 1024-bit size is only acceptable for testKey, which EJBCA uses for crypto token health checks and never for issued certificates.
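The three commands above, wrapped in a small shell script that encodes the key-size policy (2048 for signKey and defaultKey, 1024 tolerated only for testKey) and prints the exact invocation before anything touches the token. This is an added example, not code from the original post or from EJBCA; the EJBCA_HOME, PKCS11_LIB, SLOT and RUN_AS variables, the function names and the pkcs11-tool verification step are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post or from EJBCA): a wrapper
# around "pkcs11HSM.sh generate" that enforces a per-alias RSA size policy
# and, by default, only prints the commands it would run.
# Assumed defaults (override via the environment); "jboss" is the
# application server user the page runs the commands as.
EJBCA_HOME="${EJBCA_HOME:-/opt/ejbca_ce_6_3_1_1}"
PKCS11_LIB="${PKCS11_LIB:-/usr/lib64/softhsm/libsofthsm.so}"
SLOT="${SLOT:-0}"
RUN_AS="${RUN_AS:-jboss}"

# Smallest RSA size allowed for each alias. The page offers 1024 or 2048;
# 1024 is only tolerated for testKey, which signs health-check data only.
min_bits_for() {
  case "$1" in
    signKey|defaultKey) echo 2048 ;;
    testKey)            echo 1024 ;;
    *) return 1 ;;
  esac
}

# Print the pkcs11HSM.sh invocation for one alias, or fail (message on
# stderr) when the alias is unknown, the size is not one the tool offers,
# or the size is below the policy minimum for that alias.
build_cmd() {
  alias="$1"; bits="$2"
  min=$(min_bits_for "$alias") || { echo "unknown key alias: $alias" >&2; return 1; }
  if [ "$bits" != 1024 ] && [ "$bits" != 2048 ]; then
    echo "key size must be 1024 or 2048 (got $bits)" >&2; return 1
  fi
  if [ "$bits" -lt "$min" ]; then
    echo "$alias must be at least $min bits (got $bits)" >&2; return 1
  fi
  printf 'sudo -E -H -u %s %s/bin/pkcs11HSM.sh generate %s %s %s %s\n' \
    "$RUN_AS" "$EJBCA_HOME" "$PKCS11_LIB" "$bits" "$alias" "$SLOT"
}

# Regenerate the three keys the page lists. In dry-run mode (default) the
# commands are printed; with "--run" they are executed in order. Any
# policy violation is reported and the function returns non-zero.
regenerate_all() {
  mode="${1:-dry-run}"; rc=0
  for spec in "signKey 2048" "defaultKey 2048" "testKey 1024"; do
    set -- $spec
    cmd=$(build_cmd "$1" "$2") || { rc=1; continue; }
    if [ "$mode" = "--run" ]; then
      eval "$cmd" || rc=1
    else
      echo "$cmd"
    fi
  done
  return $rc
}

# Assumed verification step using OpenSC's pkcs11-tool: list the objects in
# the slot so the new labels can be seen. Private keys are only listed
# after --login, so the token PIN is needed for the full picture.
verify_cmd() {
  printf 'pkcs11-tool --module %s --slot %s --list-objects --login\n' \
    "$PKCS11_LIB" "$SLOT"
}

# Run only when invoked with an argument: "./regen.sh" prints the plan,
# "./regen.sh --run" executes it, then prints the verification command.
if [ $# -gt 0 ]; then
  regenerate_all "$1" && verify_cmd
fi
```

Run it once without --run and compare the printed commands with the three shown above; the script refuses, for example, a 1024-bit signKey, because the CA certificate renewed afterwards would embed a key that relying parties reject.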