Subject: | |
From: | |
Reply To: | |
Date: | Tue, 12 May 2009 15:38:27 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
We had the same problem. I used OpenSSL to generate the CSR with a
2048-bit key and imported the root, cert and key into the CAS. It worked
great. Here's the syntax I used.
openssl req -new -newkey rsa:2048 -keyout privkey.pem -nodes -out
mycsr.pem
--
Shane
-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of James Simpson
Sent: Tuesday, May 12, 2009 1:08 PM
To: [log in to unmask]
Subject: Re: SSL Certs
Jim,
Thanks for the link but I forgot to mention we're on 4.1.3 currently
which doesn't have those SSL options. We won't be upgrading to 4.5
until later this summer.
Thanks,
James
Jim Thomas wrote:
>
> This doc shows the drop down in the CSR
>
(http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_gu
ide/45/cas/s_admin.html)
> . search for 2048 and it's the second option down.
>
>
>
> Thanks
>
> Jim
>
>
>
> Jim Thomas
>
> Area Networks, Inc.
>
> CCIE Security #16674
>
> CCSP,CCNP,CCDP
>
> https://au.sun.com/im/ic_email.gif [log in to unmask]
> <mailto:[log in to unmask]>
>
> https://au.sun.com/im/ic_phone.gif Cell: 916-342-2265
>
> cid:image003.jpg@01C8E328.6401B690
>
> CCIE
>
>
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[log in to unmask]] On Behalf Of James Simpson
> Sent: Tuesday, May 12, 2009 12:50 PM
> To: [log in to unmask]
> Subject: SSL Certs
>
>
>
> Anyone know a way to force CCA to generate 2048 bit key lengths
instead
>
> of 1024?
>
--
James Simpson
Security Engineer
IT Services
Miami University
Oxford, OH
Office 513-529-1595
Mobile 513-839-0083
|
|
|