How can I set the private key lenght for WSA SSL Cert to 2048-bi

Mike Masalla · ‎09-01-2013

I am about configuring S170 for HTTPS Proxy. On pasting the CSR I have generated on the WSA, into trusted CA server to sign, I get error message requesting private key of 2048-bits, mininum. I searched the WSA User Guide, I couldn't find any hints on how can I set the private key lenght.

Appreciate your help.

Thanks

Puja Mahapatra · ‎09-01-2013

Hello Mike,

Currently the WSA is capable of generating a 1024 bit CSR. However, we are having a feature request to support the generation of 2048 bit CSR FR#CSCzv70884. As a work around you can generate the CSR using thirld party tools like openssl.

Regards,

-Puja

jose cortes · ‎09-12-2013

Hi Puja,

One question regarding the openssl solution. I've generated the .crs and .key files using openssl now I suppose I have to send the crs to my CA to them sign it. They usually send a .zip file with 3 certificates (for my case the CA is DigiCert):

DigiCertCA.crt

Trustedroot.crt

requested_certificate.crt

What certificates should I install and how the Ironport Web is going to match these with the key pair??

Best Regards,

Jose M. Cortes H.

Ken Stieers · ‎09-13-2013

You upload the key and the requested_certificate.crt. They have to be in PEM format. I don't think you'll need to upload the intermediate and root.

You may have to decrypt your key, I don't remember when they added the ability to upload an encrypted key... I'm on 7.7.0...

Ken

jose cortes · ‎09-13-2013

Thanks, any idea how to decrypt the key generated by openssl??

Regards

Ken Stieers · ‎09-13-2013

openssl rsa -in -out

How can I set the private key lenght for WSA SSL Cert to 2048-bits