SSL Key too small error on startup

The Aerospike Knowledge Base has moved to https://support.aerospike.com. Content on https://discuss.aerospike.com is being migrated to either https://support.aerospike.com or https://docs.aerospike.com. Maintenance on articles stored in this repository ceased on December 31st 2022 and this article may be stale. If you have any questions, please do not hesitate to raise a case via https://support.aerospike.com.

Server startup fails after upgrade with the error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small

Problem Description

When both the Aerospike Database version and the OS of an Aerospike node have been upgraded, the server fails at startup with:

error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small

The same certificate worked with the previous version of the Aerospike Database on the older OS.

Explanation

This is an OpenSSL error message. It is shown because, as of OpenSSL 1.1.0k, 1024-bit certificates are no longer considered secure and are therefore rejected.

Solution

To resolve this error, 2048-bit certificates must be generated for use with Aerospike. The OpenSSL version in use depends on the OS rather than on the Aerospike version, so this change in behaviour results from the OS upgrade.
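
The following is an added example, not part of the original article or of Aerospike's tooling: it checks the RSA key size of a PEM certificate with the openssl CLI and generates a 2048-bit replacement. The file paths, the CN value and the use of a self-signed certificate are assumptions; with a CA, create a CSR from the new key instead.

```shell
#!/bin/sh
# Added example. Paths and the CN are placeholders chosen for illustration.
# Usage: source this file, then run: check_cert_key_size /path/to/cert.pem

# Print the public-key size, in bits, of a PEM certificate.
# Matches both "RSA Public-Key: (N bit)" and "Public-Key: (N bit)" output.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Return 0 if the certificate's RSA key is at least min_bits (default 2048),
# 1 if it is smaller, 2 if the file could not be parsed as a certificate.
# Intended for RSA certificates; EC key sizes are not comparable to RSA sizes.
check_cert_key_size() {
    cert=$1
    min_bits=${2:-2048}
    bits=$(cert_key_bits "$cert")
    if [ -z "$bits" ]; then
        echo "$cert: could not read a certificate" >&2
        return 2
    fi
    if [ "$bits" -lt "$min_bits" ]; then
        echo "$cert: $bits-bit key, below $min_bits (expect 'ee key too small')" >&2
        return 1
    fi
    echo "$cert: $bits-bit key, ok"
}

# Generate a new 2048-bit RSA key and a self-signed certificate for it.
# Assumption: self-signed for illustration only.
# The subshell's umask keeps the private key readable by its owner only.
generate_2048_cert() {
    cert_out=$1; key_out=$2; cn=$3
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -subj "/CN=$cn" -keyout "$key_out" -out "$cert_out" 2>/dev/null )
}
```

Running the check against every certificate referenced by the node's TLS configuration before the OS upgrade shows which ones need to be reissued.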

Notes

Keywords

TLS CERTIFICATE TOO SMALL KEY OS UPGRADE

Timestamp

December 2020