Certificate Authority refuses to generate or renew a certificate because 1024-bits private keys are no longer supported. 2048-bits long Certificate Signing Request (CSR) is required both for new and renewing SSL certificate.
Since autumn of 2009, 1024-bits private keys are no more considered as secure and Certificate Authorities refuse to sign such CSR's. Starting from version 2.1.1, VisualSVN Server generates 2048-bits long private keys.
However, upgrading to newer version doesn't affect the existing private key. If you have been using VisualSVN Server since a version previous to 2.1.1, you are requested to regenerate the private key manually.
To generate the new 2048-bits private key for VisualSVN Server:
- Make sure that you have installed VisualSVN Server 2.1.1 or later.
- Start the command prompt (with elevated administrative permissions, if applicable).
Delete the server.pem file with the following command line:
- Restart the VisualSVN Server installer and choose to "Repair" the installation. Alternatively, you can repair the VisualSVN Server installation using the "Uninstall or change a program" control panel.
- The new 2048-bits private key alongside with an appropriate self-signed certificate will be generated during the repair. Other VisualSVN Server settings will not be affected.
Then you will be able to generate a 2048-bits long CSR and sign it with your Certificate Authority. For further details about SSL ceritficates support in VisualSVN Server please consider the KB34 article.