[BlueOnyx:11845] Re: SSL certificate minimum key length issues onBQ5100R
David Hahn
ml at sb9.com
Thu Dec 20 16:32:54 -05 2012
On 12/20/2012 12:49 AM, Ken - Precision Web Hosting, Inc wrote:
>
> ----- Original Message ----- From: "David Hahn" <ml at sb9.com>
> To: "BlueOnyx General Mailing List" <blueonyx at mail.blueonyx.it>
> Sent: Wednesday, December 19, 2012 6:36 PM
> Subject: [BlueOnyx:11830] SSL certificate minimum key length issues
> onBQ5100R
>
>
>> Anyone run into problems when submitting a CSR (signing-request)
>> for a SSL Cert. lately? Today when replacing one I get this..
>>
>> "Your CSR contains a key size that is no longer considered secure.
>> Security best practices require a minimum key size of 2048 bits. Please
>> submit a new CSR with a minimum 2048 bit key size."
>>
>> Up to a few months ago the cert. companies allowed the 1024 bit key
>> size..
>>
>> Will upgrading the OS to 5106 fix this issue or
>> might the Older Hardware be the issue or both?
>> Any ideas or a fix?
>>
>> TIA
>> David
>> _______________________________________________
>
> David
>
> The command is
> openssl req -new -newkey rsa:2048 -keyout key -nodes -out request
>
>
>
> Steps are pretty similar to
>
> http://mail.blueonyx.it/pipermail/blueonyx/2009-October/002685.html
>
>
>
> ----
>
> Ken Marcus
>
Yes Ken Thank you. Looks good so far. Read another post of yours and
tried it on that server.. Blue Quartz 5100r
Output below..
[root at ds ~]# cd certs
[root at ds certs]# ls -al
total 12
drwxr-xr-x 2 root root 4096 Dec 20 03:45 .
drwxr-x--- 12 root root 4096 Dec 20 03:45 ..
[root at ds certs]# openssl req -new -newkey rsa:2048 -keyout key -nodes
-out request
Generating a 2048 bit RSA private key
..............+++
.................................+++
writing new private key to 'key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Connecticut
Locality Name (eg, city) [Newbury]:Newtown
Organization Name (eg, company) [My Company Ltd]:School
Organizational Unit Name (eg, section) []:K1-5
Common Name (eg, your name or your server's hostname) []:www.domain.com
Email Address []:host at domain.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root at ds certs]# ls -al
total 20
drwxr-xr-x 2 root root 4096 Dec 20 03:50 .
drwxr-x--- 12 root root 4096 Dec 20 03:45 ..
-rw-r--r-- 1 root root 1679 Dec 20 03:50 key
-rw-r--r-- 1 root root 1127 Dec 20 03:50 request
[root at ds certs]# cat request
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
[root at ds certs]# ls -al
total 20
drwxr-xr-x 2 root root 4096 Dec 20 03:50 .
drwxr-x--- 12 root root 4096 Dec 20 03:45 ..
-rw-r--r-- 1 root root 1679 Dec 20 03:50 key
-rw-r--r-- 1 root root 1127 Dec 20 03:50 request
[root at ds certs]# cat key
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
Thanks Everyone Have Safe And Happy Holidays
David
More information about the Blueonyx
mailing list