Unity Connection 7.x and CSR generation

sdavids5670
Level 2

A client of mine has a Unity Connection server and the tomcat cert is about to expire.  I generated a CSR for tomcat using the OS admin console and gave it to the client to submit to his CA.  He responded to me that the CSR I provided was 1024 bit and that his CA only accepts 2048 and higher.  I do not recall being able to specify a bit length during CSR generation.  Is there a way to do that thru the CLI or by some other means?

Accepted Solutions

bvanturn
Cisco Employee

Hi,

It is not possible to specify this. Starting 8.0(3) it defaults to 2048 bit though.

CSCso62711    Cert Manager should generates Tomcat CSR using RSA 2048 instead of 1024

There is also an enhancement defect open to let the user choose, though with the implementation of the default to 2048 it is not so relevant any more.

So in order to achieve this you will need to upgrade your server.

3 Replies

Thank you very much for your response.  Quick follow-up question. What are the ramifications of allowing the cert to expire?  What, if anything, will stop working?  Or will the browser just show a message stating that the certificate is expired but still allow the page to render?  Also, I'll feel bad if I don't ask....is there an engineering special for 7.x that will allow me to generate a CSR of 2048 bit length or is 8.x the only option?

I have not tested it explicitly but indeed I would simply expect the browser to throw a popup about the certificate being expired. A simple test is to put the clock of your client forward compared to the server and then you will see this popup/browser error about the certificate. If you have a test server you can simply turn forward time on it as well.
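An added example, not part of the original thread and not Cisco tooling: a way to confirm the key size of an exported CSR with the `openssl` CLI before handing it to a CA that enforces a minimum such as the 2048 bits mentioned above. The function names `csr_key_bits` and `csr_meets_minimum` are hypothetical, and the CSR is assumed to be a PEM file.

```shell
#!/bin/sh
# Added example: check the public-key size of a PEM CSR against a CA minimum.
# Function names are hypothetical; only the standard `openssl req` command is used.

csr_key_bits() {
    # $1 = path to a PEM-encoded CSR. Prints the key size in bits (e.g. 1024).
    # Matches both "RSA Public-Key: (N bit)" (OpenSSL 1.1.x) and
    # "Public-Key: (N bit)" (OpenSSL 3.x).
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' |
        head -n 1
}

csr_meets_minimum() {
    # $1 = CSR file, $2 = minimum key size in bits (default 2048).
    # Returns 0 if the CSR is acceptable, 1 if the key is too short,
    # 2 if the file could not be parsed as a CSR.
    min=${2:-2048}
    bits=$(csr_key_bits "$1")
    if [ -z "$bits" ]; then
        echo "cannot parse CSR: $1" >&2
        return 2
    fi
    if [ "$bits" -ge "$min" ]; then
        echo "OK: $1 uses a $bits-bit key (minimum $min)"
        return 0
    fi
    echo "REJECT: $1 uses a $bits-bit key (minimum $min)"
    return 1
}

# Stand-alone use: sh check_csr.sh tomcat.csr 2048
if [ "$#" -ge 1 ]; then
    csr_meets_minimum "$@"
fi
```

A 1024-bit result on a pre-8.0(3) server matches the default described in the accepted answer.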