Thanks for your efforts, Charlie. Mozilla does support 1024-bit key generation. There is some javascript in the enrollment HTML pages which triggers the key generation and CRMF generation. However, the default page which came with CMS defaults to a 512-bit keygen. Presumably, this is the problem you're encountering.
You would be to lobby the DoD PKI working group to have them test with Mozilla. Also note, however, that Mozilla was not even close to being a supported, tested platform for CMS at the time the DoD PKI was released. I suspect you will have to wait a while before seeing full support. Steve Parkinson Engineering Manager Netscape Certificate Management System Charlie Bosch wrote: > Mozilla now supports the FIPS ciphers which is one more step closer to > being DoD PKI compliant but when will it be able to support 1024 key > length so that I can use it to request an X.509 certificate? > > Our PKI extranet (Netscape) certificate server rejects its request > stating it expected a key length of 1024 bytes and above but received > a 512 byte key during the certificate request generation. > > I really want to have our people use this extremely capable browser > and got excited when I noticed it supported the FIPS ciphers (which is > one of our requirements) but I was disappointed to find that it > apparently only supports a 512 byte key. This leaves only Netscape > Communicator 4.75 and above - which will not be around forever (and > doesn't have the desirable features of Mozilla 1.0 or Netscape 7). > > --- > Charlie >
