> Hie > > On Mon, May 7, 2012 at 11:42 PM, Addison Laurent > <alaurent@xxxxxxxxxxxx>wrote: >> Generating one from the 389-console is only giving me a 1024-bit key, >> and 2048 is required. >> >> In order to generate a 2048-bit ASCII certificate request, certain > options must be specified as seen in the example below: > > # certutil -R -d /database/directory/ -s > "cn=myhost.example.com,dc=myorg,dc=com" -a -g 2048 Right. So 389-console cannot generate the keys that are required today for non-self-signed? In researching this, I found where Rich had replied to a prior poster a year or so ago not to use the command line (but I might have been missing some required context.) If the case is that 389-console cannot be used to get CSRs that are non-self-signable, then I think that's problematic. Thanks, Addison -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
