[389-users] How to change certificate options using 389-console ?
Rich Megginson
rmeggins at redhat.com
Tue May 8 13:06:37 UTC 2012
On 05/08/2012 05:50 AM, alaurent at cise.ufl.edu wrote:
>> On Tue, May 8, 2012 at 9:20 AM,<alaurent at cise.ufl.edu> wrote:
>>>> On Mon, May 7, 2012 at 11:42 PM, Addison Laurent
>>>> <alaurent at cise.ufl.edu>wrote:
>>>>> Generating one from the 389-console is only giving me a 1024-bit key,
>>>>> and 2048 is required.
>>>>>
>>>>> In order to generate a 2048-bit ASCII certificate request, certain
>>>> options must be specified as seen in the example below:
>>>>
>>>> # certutil -R -d /database/directory/ -s
>>>> "cn=myhost.example.com,dc=myorg,dc=com" -a -g 2048
>>> Right. So 389-console cannot generate the keys that are required today
>>> for non-self-signed?
>>>
>>>
>> It can, but you cant give the key size in console, It will stick to
>> default
>> 1024.
> Then it cannot.
> Or is there a way to change that? Is that a default (implying there are
> other values), or hard-coded?
>
> If it's hard-coded, I think we need to call that a "bug" in today's world,
> if we can't use 389 Console as per the documentation to generate the CSR.
Sure. Please file a ticket at https://fedorahosted.org/389
>
> Or at least change the hard-coding to a worldy-usable number.
>
> Thanks,
> Addison
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
More information about the 389-users
mailing list