Hie On Tue, May 8, 2012 at 9:20 AM, <[email protected]> wrote:
> > Hie > > > > On Mon, May 7, 2012 at 11:42 PM, Addison Laurent > > <[email protected]>wrote: > >> Generating one from the 389-console is only giving me a 1024-bit key, > >> and 2048 is required. > >> > >> In order to generate a 2048-bit ASCII certificate request, certain > > options must be specified as seen in the example below: > > > > # certutil -R -d /database/directory/ -s > > "cn=myhost.example.com,dc=myorg,dc=com" -a -g 2048 > > Right. So 389-console cannot generate the keys that are required today > for non-self-signed? > > It can, but you cant give the key size in console, It will stick to default 1024. > In researching this, I found where Rich had replied to a prior poster a > year or so ago not to use the command line (but I might have been missing > some required context.) > > If the case is that 389-console cannot be used to get CSRs that are > non-self-signable, then I think that's problematic. > > Thanks, > Addison > > > -- > 389 users mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/389-users > Regards Arpit Tolani
-- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
