Starting the DXagent fails with the error below.
DXagent failed to start
-bash-4.4$ export PYTHONPATH=lib && python3 dxagent_cp_engine.py
[dxagent] [INFO] Python Version: 3.9.20
Traceback (most recent call last):
  File "/opt/CA/Directory/dxserver/dxagent/dxagent_cp_engine.py", line 98, in <module>
    start_cherrypy()
  File "/opt/CA/Directory/dxserver/dxagent/dxagent_cp_engine.py", line 49, in start_cherrypy
    server.ssl_adapter = BuiltinSSLAdapter(DXAGENT_SERVER_CERT, DXAGENT_SERVER_KEY)
  File "/opt/CA/Directory/dxserver/dxagent/lib/cheroot/ssl/builtin.py", line 101, in __init__
    self.context.load_cert_chain(certificate, private_key)
ssl.SSLError: [SSL: EE_KEY_TOO_SMALL] ee key too small (_ssl.c:4062)
CA DXagent version 14.1 SP6
The OpenSSL configuration contains CipherString = @SECLEVEL=3. At that security level the default key size of 2048 is not supported, so the DXagent fails to start.
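A pre-check for the cause described above, as an added example that is not part of the original article or of the DXagent code: it resolves the system-wide CipherString the way OpenSSL does (openssl_conf -> ssl_conf -> system_default) and tests an RSA key size against the resulting security level. The sample config and its section names are constructed; the minimum key sizes are the ones OpenSSL documents for its security levels (level 3 requires RSA keys of at least 3072 bits).

```python
import re

# Minimum RSA key size per OpenSSL security level (SSL_CTX_set_security_level docs).
MIN_RSA_BITS = {0: 0, 1: 1024, 2: 2048, 3: 3072, 4: 7680, 5: 15360}

def parse_sections(text):
    """Parse openssl.cnf-style text into {section: {key: value}}."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def system_seclevel(text):
    """Return the effective @SECLEVEL, or None if the config sets none."""
    s = parse_sections(text)
    section = s["default"].get("openssl_conf")
    # A CipherString only takes effect in the section this chain points to.
    for key in ("ssl_conf", "system_default"):
        section = s.get(section, {}).get(key)
    cipher_string = s.get(section, {}).get("CipherString", "")
    match = re.search(r"@SECLEVEL=(\d)", cipher_string)
    return int(match.group(1)) if match else None

def key_accepted(rsa_bits, level):
    """True when an RSA key of rsa_bits passes the given security level."""
    return rsa_bits >= MIN_RSA_BITS[level]

# Constructed sample config (section names are hypothetical).
SAMPLE_CNF = """
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
CipherString = @SECLEVEL=3   # setting quoted in the article
"""
if __name__ == "__main__":
    level = system_seclevel(SAMPLE_CNF)
    for bits in (2048, 4096):
        print(bits, "accepted" if key_accepted(bits, level) else "rejected")
```

On a real host, pass the contents of the active openssl.cnf to system_seclevel() and the key size of the DXagent server certificate to key_accepted().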
In this case, regenerate the certificate with a key size of 4096 and then run setup_dxagent.sh.
The DXagent service should now be running successfully.
Reference techdoc for regenerating the DXAgent client certificates:
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-1/administrating/troubleshooting-ca-directory/creating-directory-manager-certificates-after-expiration.html