I am about configuring S170 for HTTPS Proxy. On pasting the CSR I have generated on the WSA, into trusted CA server to sign, I get error message requesting private key of 2048-bits, mininum. I searched the WSA User Guide, I couldn't find any hints on how can I set the private key lenght.
Appreciate your help.
Currently the WSA is capable of generating a 1024 bit CSR. However, we are having a feature request to support the generation of 2048 bit CSR FR#CSCzv70884. As a work around you can generate the CSR using thirld party tools like openssl.
One question regarding the openssl solution. I've generated the .crs and .key files using openssl now I suppose I have to send the crs to my CA to them sign it. They usually send a .zip file with 3 certificates (for my case the CA is DigiCert):
What certificates should I install and how the Ironport Web is going to match these with the key pair??
Jose M. Cortes H.
You upload the key and the requested_certificate.crt. They have to be in PEM format. I don't think you'll need to upload the intermediate and root.
You may have to decrypt your key, I don't remember when they added the ability to upload an encrypted key... I'm on 7.7.0...