We had the same problem. I used OpenSSL to generate the CSR with a 2048-bit key and imported the root, cert and key into the CAS. It worked great. Here's the syntax I used.
openssl req -new -newkey rsa:2048 -keyout privkey.pem -nodes -out mycsr.pem -- Shane -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of James Simpson Sent: Tuesday, May 12, 2009 1:08 PM To: [email protected] Subject: Re: SSL Certs Jim, Thanks for the link but I forgot to mention we're on 4.1.3 currently which doesn't have those SSL options. We won't be upgrading to 4.5 until later this summer. Thanks, James Jim Thomas wrote: > > This doc shows the drop down in the CSR > (http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_gu ide/45/cas/s_admin.html) > . search for 2048 and it's the second option down. > > > > Thanks > > Jim > > > > Jim Thomas > > Area Networks, Inc. > > CCIE Security #16674 > > CCSP,CCNP,CCDP > > https://au.sun.com/im/ic_email.gif [email protected] > <mailto:[email protected]> > > https://au.sun.com/im/ic_phone.gif Cell: 916-342-2265 > > cid:[email protected] > > CCIE > > > > -----Original Message----- > From: Cisco Clean Access Users and Administrators > [mailto:[email protected]] On Behalf Of James Simpson > Sent: Tuesday, May 12, 2009 12:50 PM > To: [email protected] > Subject: SSL Certs > > > > Anyone know a way to force CCA to generate 2048 bit key lengths instead > > of 1024? > -- James Simpson Security Engineer IT Services Miami University Oxford, OH Office 513-529-1595 Mobile 513-839-0083
