Solved: Re: 2048 bit Certificate for LMS 3.1

rfuerdauer · ‎08-04-2009

Hello,

has anyone experiences how to use a CA signed 2048bit Certificate for SSL in LMS 3.1.

Per default LMS uses a self signed 1024bit Certificate which is not secure enough for our Security policies.

Thanks a lot

Joe Clarke · ‎08-06-2009

I had assumed you already had one signed by a CA or local to your organization. If not, you can change the instances of 1024 to 2048 in NMSROOT/MDC/Apache/bin/ConfigSSL.pl and SignTool.pl to generate such a cert.

View solution in original post

yjdabear · ‎08-04-2009

Not sure about the 2048-bit part, but LMS can certain use CA certficate, per the documentation: "You can upload Third Party Security Certificates using the SSL Utility Script"

either

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.1/user/guide/admin.html#wp843846

or

http://(your-lms-hostname-here):1741/help/cmf/sysadmin_self_sign_cert.html

Joe Clarke · ‎08-04-2009

Modulo 2048 certs should be fine. Anything above that will most certainly trigger failures.

rfuerdauer · ‎08-06-2009

That's good, but how can i generate a 2048 cert ?

I've found not hints in SSLUtil.pl or Help.

Joe Clarke · ‎08-06-2009

I had assumed you already had one signed by a CA or local to your organization. If not, you can change the instances of 1024 to 2048 in NMSROOT/MDC/Apache/bin/ConfigSSL.pl and SignTool.pl to generate such a cert.

rfuerdauer · ‎08-10-2009

Thank you very much.