During the process of configuring web authentication for a guest access wireless network in an HP Wireless Edge Services (WESM) network environment, I identified an issue both with the device's user interface and with the certificate signing request (CSR) that is generated during the setup of a trustpoint for a third-party SSL certificate. The HP WES module is a J9051a running code 1.33, which is the latest build available at the time. The WESM interface shows an option to generate a key between 1024 and 2048 bytes. However, key size is typically identified in bits, not bytes, so if this was accurate the resulting key would be between 8192 and 16384 bits, and that's a pretty heavyweight (and performance-impacting) signing key.
Assuming the dialog's intention was actually a 1024-2048 bit key, I added a 2048 key to use with my certificate request, as most certificate authorities are now mandating 2048-bit keys. I then attempted to post my CSR to a well-known CA, but it failed the CSR validation step, so I used an online CSR decoder to view my CSR details, and what the WESM actually generated was a 1024-bit key. After reproducing this several times I determined that I was going to have to make do with a 1024-bit key for the time being and find a reputable CA that would process it (which Network Solutions was able to do). As soon as HP resolves this issue I will have to replace the WESM certificates with a 2048-bit signing key to maintain their integrity long term, as it's pretty well recognized that 1024-bit keys are no longer secure.
If you need to validate your CSR the best online CSR decoder I’ve found is over at http://certlogik.com/decoder
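The key-size check described above can also be done locally, without submitting the CSR to a third-party site. The following is an added example, not part of the original post: a standard-library Python parser that reads the RSA modulus length out of a PEM-encoded CSR. All function names are this example's own, and `sample_csr` builds a constructed, unsigned request (not a real key) purely as sample input.

```python
import base64
import re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def children(buf, start, end):
    out = []  # (tag, value_start, value_end) for each element in [start, end)
    while start < end:
        out.append(read_tlv(buf, start))
        start = out[-1][2]
    return out

def csr_rsa_key_bits(pem):
    """Bit length of the RSA modulus inside a PEM-encoded PKCS#10 request."""
    der = base64.b64decode(re.sub(r"-----[^-]+-----|\s", "", pem))
    _, s, e = read_tlv(der, 0)                    # CertificationRequest
    info = children(der, s, e)[0]                 # CertificationRequestInfo
    spki = children(der, info[1], info[2])[2]     # version, subject, subjectPKInfo
    alg, key = children(der, spki[1], spki[2])[:2]
    oid = children(der, alg[1], alg[2])[0]
    if der[oid[1]:oid[2]] != RSA_OID:
        raise ValueError("not an RSA key")
    _, s, e = read_tlv(der, key[1] + 1)           # skip BIT STRING unused-bits byte
    modulus = children(der, s, e)[0]
    return int.from_bytes(der[modulus[1]:modulus[2]], "big").bit_length()

def tlv(tag, value):
    """DER-encode one element (used only to build the constructed sample)."""
    n, k = len(value), (len(value).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")) + value

def sample_csr(bits):
    """Constructed, unsigned CSR whose modulus is a placeholder, not a real key."""
    n = (1 << (bits - 1)) | 1  # top bit set so the modulus is exactly `bits` long
    rsa = tlv(0x30, tlv(0x02, n.to_bytes(bits // 8 + 1, "big")) + tlv(0x02, b"\x01\x00\x01"))
    alg = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
    info = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, b"") + tlv(0x30, alg + tlv(0x03, b"\x00" + rsa)) + tlv(0xA0, b""))
    der = tlv(0x30, info + alg + tlv(0x03, b"\x00"))
    return "-----BEGIN CERTIFICATE REQUEST-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE REQUEST-----\n"
```

Passing the text of a real CSR file to `csr_rsa_key_bits` returns the size of the key that was actually generated, which can then be compared with the size selected in the device UI before the request is sent to a CA.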