VMware Cloud Community
rwattuab
Contributor

Does SRM not support ECDSA private key and certificate?

I'm running SRM 8.7.0 Build 22359471 and am trying to install a new certificate. I would use the built-in CSR generation, but it requires specifying the IP address as an alternate name, and our InCommon certificate request process won't accept that. Since SRM won't let me generate one without it, I have to do it manually.

We've moved to using ECDSA private keys. I generate the key and CSR using the following method:

openssl ecparam -out ecdsa_key.pem -name secp384r1 -genkey && openssl req -new -key ecdsa_key.pem -nodes -out ecdsa_csr.pem -subj "/C=US/ST=REMOVED/L=REMOVED/O=REMOVED/OU=REMOVED/CN=example.com"

Once I receive the certificate, I create the file:

openssl pkcs12 -export -out example.com_2023.p12 -inkey ecdsa_key.pem -in example.com.pem

However, if I try to install this in SRM I get the following error: "The certificate does not have the minimum required key length."

I know the SRM 8.7 documentation states "The private key in the PKCS #12 file must match the certificate. The minimum length of the private key is 2048 bits." but that's with RSA.

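A pre-flight check for a bundle built with the commands in the post, as an added example that is not part of the original post: it reads the .p12 back, reports the certificate's key size in bits, and confirms the private key belongs to the certificate. The function names, the P12_PASS environment variable and the self-signed sample certificate (a stand-in for the CA-issued one) are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: inspect a PKCS#12 bundle before importing it anywhere.
# The bundle password is read from the P12_PASS environment variable so it
# does not appear on the command line.
set -eu

# p12_pubkey_from_cert FILE -> PEM public key taken from the leaf certificate
p12_pubkey_from_cert() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
    openssl x509 -noout -pubkey
}

# p12_pubkey_from_key FILE -> PEM public key derived from the private key
p12_pubkey_from_key() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
    openssl pkey -pubout
}

# p12_key_bits FILE -> key size in bits as OpenSSL reports it
p12_key_bits() {
  p12_pubkey_from_cert "$1" | openssl pkey -pubin -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p'
}

# p12_key_matches FILE -> exit status 0 when key and certificate belong together
p12_key_matches() {
  [ "$(p12_pubkey_from_cert "$1")" = "$(p12_pubkey_from_key "$1")" ]
}

# make_sample_p12 DIR -> constructed test bundle in DIR/sample.p12
# (secp384r1 key as in the post; the certificate is self-signed, not CA-issued)
make_sample_p12() {
  openssl ecparam -name secp384r1 -genkey -noout -out "$1/key.pem"
  openssl req -new -x509 -key "$1/key.pem" -days 1 \
    -subj "/CN=example.com" -out "$1/cert.pem"
  openssl pkcs12 -export -out "$1/sample.p12" -inkey "$1/key.pem" \
    -in "$1/cert.pem" -passout env:P12_PASS
}

# Usage: P12_PASS=... ./check_p12.sh bundle.p12
if [ "$#" -ge 1 ]; then
  echo "key size: $(p12_key_bits "$1") bits"
  if p12_key_matches "$1"; then
    echo "private key matches certificate"
  else
    echo "private key does NOT match certificate"
  fi
fi
```

For a secp384r1 key the reported size is 384 bits, which is the figure to compare against the 2048-bit minimum quoted from the SRM documentation.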