Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1963
Views
5
Helpful
3
Replies

Generate CSR public key 2048 bit

Go to solution
ccsipaul01
Level 1
Level 1

‎04-01-2013 11:55 AM

Hello all,

I apologize if the answer is already posted here.

Trying to generate a certificate that uses a 2048 bit.

Going through the UI, there is no option to define the bit and it generates a 1024 bit key.

Looked at the CLI certconfig and the option there was to paste the PEM content.

Async OS 7.5.0-833.

Any help is appreciated.

Thanks

Paul

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Christian Rahl
Level 1
Level 1
In response to Ken Stieers

‎04-03-2013 10:17 AM

Paul,

There is currently no way to generate keys other than 1024 bit keys.  It is a feature request with the current bug id's.

CSCzv70884 - [Feature Request] Support Generating 2048bit Certificates in HTTPS Proxy

Christian Rahl

Customer Support Engineer

Cisco Web Content Security Appliance

Cisco Technical Assistance Center RTP

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Ken Stieers
VIP
VIP

‎04-01-2013 12:23 PM

Paul,

I haven't found any docs where you can specify to create a 2048 bit key.  I think your best bet is to get a copy of OpenSSL, create your own key and CSR, and send that to the CA, and then upload the key and cert to the WSA...

Ken

Go to solution
Christian Rahl
Level 1
Level 1
In response to Ken Stieers

‎04-03-2013 10:17 AM

Paul,

There is currently no way to generate keys other than 1024 bit keys.  It is a feature request with the current bug id's.

CSCzv70884 - [Feature Request] Support Generating 2048bit Certificates in HTTPS Proxy

Christian Rahl

Customer Support Engineer

Cisco Web Content Security Appliance

Cisco Technical Assistance Center RTP

0 Helpful

Go to solution
ccsipaul01
Level 1
Level 1
In response to Christian Rahl

‎04-03-2013 12:02 PM

Thanks Ken, Christian!

The problem is that few sites if any support 1024 bit keys anymore. Entrust and Thawte do not.

We used OpenSSL to generate the CSR and will try and bind to WSA. Never tried that before so hoping it was not a waste of time and money.

Thanks again Ken and Christian!!

Paul

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents