On Tue, May 8, 2012 at 9:20 AM, <alaurent(a)cise.ufl.edu> wrote:
> > On Mon, May 7, 2012 at 11:42 PM, Addison Laurent
> > <alaurent(a)cise.ufl.edu>wrote:
> >> Generating one from the 389-console is only giving me a 1024-bit key,
> >> and 2048 is required.
> >>
> >> In order to generate a 2048-bit ASCII certificate request, certain
> > options must be specified as seen in the example below:
> >
> > # certutil -R -d /database/directory/ -s
> > "cn=myhost.example.com,dc=myorg,dc=com" -a -g 2048
>
> Right. So 389-console cannot generate the keys that are required today
> for non-self-signed?
>
>
It can, but you cant give the key size in console, It will stick to
default
1024.
Then it cannot.
Or is there a way to change that? Is that a default (implying there are
other values), or hard-coded?
If it's hard-coded, I think we need to call that a "bug" in today's
world,
if we can't use 389 Console as per the documentation to generate the CSR.
Or at least change the hard-coding to a worldy-usable number.
Thanks,
Addison