cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1777
Views
0
Helpful
5
Replies

How can I set the private key lenght for WSA SSL Cert to 2048-bits

Mike Masalla
Level 1
Level 1

I am about configuring S170 for HTTPS Proxy. On pasting the CSR I have generated on the WSA, into trusted CA server to sign, I get error message requesting private key  of 2048-bits, mininum. I searched the WSA User Guide, I couldn't find any hints on how can I set the private key lenght.

Appreciate your help.

Thanks

5 Replies 5

Puja Mahapatra
Cisco Employee
Cisco Employee

Hello Mike,

Currently the WSA is capable of generating a 1024 bit CSR. However, we are having a feature request to support the generation of 2048 bit CSR FR#CSCzv70884. As a work around you can generate the CSR using thirld party tools like openssl.

Regards,

-Puja

Hi Puja,

One question regarding the openssl solution. I've generated the .crs and .key files using openssl now I suppose I have to send the crs to my CA to them sign it. They usually send a .zip file with 3 certificates (for my case the CA is DigiCert):

DigiCertCA.crt

Trustedroot.crt

requested_certificate.crt

What certificates should I install and how the Ironport Web is going to match these with the key pair??

Best Regards,

Jose M. Cortes H.

You upload the key and the requested_certificate.crt.  They have to be in PEM format.  I don't think you'll need to upload the intermediate and root.

You may have to decrypt your key, I don't remember when they added the ability to upload an encrypted key... I'm on 7.7.0...

Ken

Thanks, any idea how to decrypt the key generated by openssl??

Regards

openssl rsa -in -out