Hello, I have got a question concerning the command openssl req -newkey rsa:bits …. which I use for creating a self-signed certificate for my small private CA. Some time ago I used the command like this with OpenSSL 0.9.7g (on Suse 10.0): openssl req –x509 –newkey rsa –out cacert.pem –outform PEM As you can see I did it without giving the bit-size because of the following section in my openssl.cnf: [ req ] default_bits = 2048
A few days ago I wanted to built up my CA on a different computer (Suse 10.2 with OpenSSL 0.9.8d). I did everything as I was used to. But this time I had to add the bit-size although I used the default_bits option again in my openssl.cnf: openssl req -x509 –newkey rsa:2048 –out cacert.pem –outform PEM As you can see there is no real problem as long as everything works as I want but I would like to know why I have to add the bit-size with the new version of OpenSSL. Is it a feature/fault of the version? Can the same be observed with a newer version? (I know that I could test it on my own with a newer version but I don`t want to because everything works quiet fine right now.) Of course I took a look into the news and the changelog on http://www.openssl.org/news/news.html but I wasn’t able to find an answer for my question. So I hope that somebody in this forum can help me. Best regards domi -- View this message in context: http://www.nabble.com/bit-size-necessary-in-the-command%3A-openssl-req--newkey-rsa%3Abits--tf3790387.html#a10719161 Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]