SSL Key too small error on startup

Server startup fails after upgrade with error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small

Problem Description

When an Aerospike node has been upgraded in terms of both the Aerospike Database version as well as the OS, the server fails at start up with:

error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small

The same certificate worked with the previous version of the Aerospike Database on the older OS.

Explanation

This is an SSL error message. The reason the error is shown is because as of openSSL 1.1.0k, 1024 bit certificates were no longer considered secure and will therefore be rejected.

Solution

To resolve this error, 2048 bit certificates must be generated for use with Aerospike. The openSSL version used is dependant on the OS rather than the Aerospike version and as such this change in behaviour is resultant from the OS upgrade.

Notes

• Details on the openSSL change.
• How to Generate Self Signed TLS Certificates.
• FAQ on Aerospike TLS.

Keywords

TLS CERTIFICATE TOO SMALL KEY OS UPGRADE

Timestamp

December 2020