On Tue, May 8, 2012 at 9:20 AM, <alaurent@xxxxxxxxxxxx> wrote:
It can, but you cant give the key size in console, It will stick to default 1024.
>> Generating one from the 389-console is only giving me a 1024-bit key,
>> and 2048 is required.
>>
>> In order to generate a 2048-bit ASCII certificate request, certainRight. So 389-console cannot generate the keys that are required today
> options must be specified as seen in the example below:
>
> # certutil -R -d /database/directory/ -s
> "cn=myhost.example.com,dc=myorg,dc=com" -a -g 2048
for non-self-signed?
It can, but you cant give the key size in console, It will stick to default 1024.
In researching this, I found where Rich had replied to a prior poster a
year or so ago not to use the command line (but I might have been missing
some required context.)
If the case is that 389-console cannot be used to get CSRs that are
non-self-signable, then I think that's problematic.
Thanks,
Addison
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
Regards
Arpit Tolani
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
