Re: [OSL | CCIE_Security] Improving RSA key strength (Cisco IOS CA Server).

[Tyson Scott]

Simon,

 

Specify the key before applying it

 

 

crypto key generate rsa modulus 2048

 

crypto pki trustpoint IOS_CA_R2

 rsakeypair R5.ipexpert.com 2048

 

Regards,

 

Tyson Scott - CCIE #13513 R&S, Security, and SP

Technical Instructor - IPexpert, Inc.

Mailto:  <mailto:tsc...@ipexpert.com> tsc...@ipexpert.com

Telephone: +1.810.326.1444, ext. 208

Live Assistance, Please visit:  <http://www.ipexpert.com/chat>
www.ipexpert.com/chat

eFax: +1.810.454.0130

 

IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S,
Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service
Provider) Certification Training with locations throughout the United
States, Europe and Australia. Be sure to check out our online communities at
<http://www.ipexpert.com/communities> www.ipexpert.com/communities and our
public website at  <http://www.ipexpert.com> www.ipexpert.com

 

From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Simon
Baumann
Sent: Tuesday, January 19, 2010 2:20 PM
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] Improving RSA key strength (Cisco IOS CA
Server).

 

 

Hi,

I've entrolled R5 to R2 to obtain an certificate for an L2L VPN setup:

 

R5(config)#

Jan 19 18:38:01.291: %PKI-6-CERTRENEWAUTO: Renewing the router certificate
for trustpoint IOS_CA_R2

R5(config)#%

% Start certificate enrollment .. 

 

% The subject name in the certificate will include: cn=R5.ipexpert.com,
ou=CCIE, c=PL

% The subject name in the certificate will include: R5.ipexpert.com

% Certificate request sent to Certificate Authority

% The 'show crypto pki certificate verbose IOS_CA_R2' commandwill show the
fingerprint.

 

Jan 19 18:38:16.212: %PKI-6-CERTRENEWAUTO: Renewing the router certificate
for trustpoint IOS_CA_R2

R5(config)#

Jan 19 18:38:17.324: %CRYPTO-6-AUTOGEN: Generated new 512 bit key pair

R5(config)#

Jan 19 18:38:17.544: CRYPTO_PKI:  Certificate Request Fingerprint MD5:
56C3F241 107599D5 01540AF4 6C176D94 

Jan 19 18:38:17.544: CRYPTO_PKI:  Certificate Request Fingerprint SHA1:
44C0E625 6F1B68D8 96FE37A7 7EF2B4D3 C62EF26C 

R5(config)#

 

I wonder what's the easiest way to improve the key strenth above 512 bit.
TIA.

 

Cheers

Simon

 


_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com