On 05/08/2012 05:50 AM, alaurent@xxxxxxxxxxxx wrote:
On Tue, May 8, 2012 at 9:20 AM,<alaurent@xxxxxxxxxxxx> wrote:
On Mon, May 7, 2012 at 11:42 PM, Addison Laurent
<alaurent@xxxxxxxxxxxx>wrote:
Generating one from the 389-console is only giving me a 1024-bit key,
and 2048 is required.
In order to generate a 2048-bit ASCII certificate request, certain
options must be specified as seen in the example below:
# certutil -R -d /database/directory/ -s
"cn=myhost.example.com,dc=myorg,dc=com" -a -g 2048
Right. So 389-console cannot generate the keys that are required today
for non-self-signed?
It can, but you cant give the key size in console, It will stick to
default
1024.
Then it cannot.
Or is there a way to change that? Is that a default (implying there are
other values), or hard-coded?
If it's hard-coded, I think we need to call that a "bug" in today's world,
if we can't use 389 Console as per the documentation to generate the CSR.
Sure. Please file a ticket at https://fedorahosted.org/389
Or at least change the hard-coding to a worldy-usable number.
Thanks,
Addison
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
