Hie<br><br><div class="gmail_quote">On Mon, May 7, 2012 at 11:42 PM, Addison Laurent <span dir="ltr"><<a href="mailto:alaurent@cise.ufl.edu" target="_blank">alaurent@cise.ufl.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I'm trying to add a new server, and will need to use SSL, of course.<br>
But all the instructions tell how to generate a self-signed CA, but<br>
we've got real signed certs on the other servers, and so I'm trying to<br>
generate a CSR for the new one.<br>
<br>
<br>
Generating one from the 389-console is only giving me a 1024-bit key,<br>
and 2048 is required.<br>
<br>
<br>
I see that running the cert request from the command line is not the<br>
preferred option, but how else can I change the parameters for the cert<br>
request?<br>
<br>
<br></blockquote><div><div> <div> <p>In order to generate a 2048-bit ASCII certificate request, certain options must be specified as seen in the example below:</p>
<pre><code># certutil -R -d /database/directory/ -s "cn=<a href="http://myhost.example.com">myhost.example.com</a>,dc=myorg,dc=com" -a -g 2048
</code></pre><p>Where:</p>
<blockquote><p>-R - Specifies that a certificate request file be generated<br>
-d - Specifies the database directory<br>
-s - Specifies the subject<br>
-a - Specifies the use of ASCII format<br>
-g - Specifies the keysize</p>
</blockquote>
<p>After successful creation, the request can be sent to the certificate authority for signing.</p><p>Arpit Tolani<br></p></div> </div> </div></div><br>