We are relative novices with crypto/ssl. In the past we have used certificates with RSA and 1024 keys. We do not have a crypto card in our z9 box. Now we are told that we must get keys >= 2048. Is it possible to use RSA keys >1024 without a crypto card?
We use the certificate for tn3270. Using TelnetParms, Secureport 23, and Keyring SAF Telnetring. We use Top Secret for security. Top Secret documentation seems to imply that we'd have to use DSA instead of RSA. Our Certificate group (only knows about Unix) seems to insist that we have to get an RSA based key. About a month left until our old key expires. I'd hate to have all our users change their configs to allow an expired key. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
