> On Tue, May 8, 2012 at 9:20 AM, <[email protected]> wrote: >> > On Mon, May 7, 2012 at 11:42 PM, Addison Laurent >> > <[email protected]>wrote: >> >> Generating one from the 389-console is only giving me a 1024-bit key, >> >> and 2048 is required. >> >> >> >> In order to generate a 2048-bit ASCII certificate request, certain >> > options must be specified as seen in the example below: >> > >> > # certutil -R -d /database/directory/ -s >> > "cn=myhost.example.com,dc=myorg,dc=com" -a -g 2048 >> >> Right. So 389-console cannot generate the keys that are required today >> for non-self-signed? >> >> > It can, but you cant give the key size in console, It will stick to > default > 1024.
Then it cannot. Or is there a way to change that? Is that a default (implying there are other values), or hard-coded? If it's hard-coded, I think we need to call that a "bug" in today's world, if we can't use 389 Console as per the documentation to generate the CSR. Or at least change the hard-coding to a worldy-usable number. Thanks, Addison -- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
