RE: Largest CA Keylength on VPN 3000 [7:73409]

2003-08-14 Thread Reimer, Fred
Well, the manuals are wrong ;-)

The key size on the latest version of software is 2048 bits max.

It was not an allocation issue.

One pointer though, if you have to recreate your CA on a Microsoft platform
you may as well reformat the hard drive and start from scratch, as there is
no de-install for the SCEP add-on to IIS so you have to de-install the CA,
de-install IIS!, re-install IIS and the CA, then re-install SCEP, and even
then your CA is going to be all F'd up.  Somehow, I got to the point where
you could only request user and efs certs, not web server or server
certs like you can on another CA we have installed (same version of
everything), plus you can't specify the OU, so you can't match that to a
group name.

We are using OpenSSL just fine, even on a Windows box with cygwin.

I hate Windows.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, August 06, 2003 5:01 AM
To: [EMAIL PROTECTED]
Subject: RE: Largest CA Keylength on VPN 3000 [7:73409]

Is it a size or allocation issue?


CSCdv48299 
If fewer than three spots remain in the CA certificate store of a VPN 3000
Concentrator, and an attempt is made to install a CA certificate with
associated RAs, then the RA or RAs are installed (filling the store) and the
root certificate is not installed. This is incorrect behavior. Instead, the
software should check to see if there is enough room in the store before
installing a partial CA certificate. Partial certificates should not be
installed. If the RAs and the Root certificate cannot be installed, the
software should install nothing.

Or just RTFM below?

Martijn


Key Size
man Yes
scep Yes
The algorithm for generating the public-key/private-key pair, and the key
size. If you are requesting an SSL certificate, or if you are requesting an
identity certificate using SCEP, only the RSA options are available.

RSA 512 bits = Generate 512-bit keys using the RSA (Rivest, Shamir, Adleman)
algorithm. This key size provides sufficient security and is the default
selection. It is the most common, and requires the least processing.

RSA 768 bits = Generate 768-bit keys using the RSA algorithm. This key size
provides normal security. It requires approximately 2 to 4 times more
processing than the 512-bit key.

RSA 1024 bits = Generate 1024-bit keys using the RSA algorithm. This key
size provides high security, and it requires approximately 4 to 8 times more
processing than the 512-bit key.

man Yes
scep No
DSA 512 bits = Generate 512-bit keys using DSA (Digital Signature
Algorithm).

DSA 768 bits = Generate 768-bit keys using the DSA algorithm.

DSA 1024 bits = Generate 1024-bit keys using the DSA algorithm.


 

-Original Message-
From: Reimer, Fred [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 2, 2003 14:49
To: [EMAIL PROTECTED]
Subject: Largest CA Keylength on VPN 3000 [7:73409]


Let's see if anyone here can answer faster than Cisco TAC.

 

What is the largest CA root key length supported by the Cisco VPN
Concentrator 3000 series hardware?  I have a 4096 bit key and it won't
accept the root key because it can't validate it.

 

Fred Reimer - CCNA

Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050

**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73604t=73409
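
Added example (not part of the original posts): a pre-flight check with the OpenSSL command line mentioned in the thread, confirming that a CA certificate's key fits a device limit before import. The 2048-bit limit is the figure given in the reply above; the function names and the throwaway self-signed CAs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Pre-flight check of a CA certificate's key size before importing it
# into a device with a known maximum key length.
DEVICE_MAX_BITS=2048   # limit reported in the thread for the VPN 3000

# Print the public-key size in bits of a PEM certificate.
cert_key_bits() {
    # OpenSSL prints "Public-Key: (N bit)"; very old releases print
    # "RSA Public Key: (N bit)". The pattern accepts both forms.
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Return 0 if the key fits the limit, 1 if it is too large,
# 2 if the file could not be parsed as a certificate.
ca_fits_device() {   # usage: ca_fits_device CERT [MAX_BITS]
    local bits
    bits=$(cert_key_bits "$1")
    [ -n "$bits" ] || return 2
    [ "$bits" -le "${2:-$DEVICE_MAX_BITS}" ]
}

# Create a throwaway self-signed CA certificate (constructed sample input).
make_sample_ca() {   # usage: make_sample_ca BITS OUTFILE
    openssl req -x509 -newkey "rsa:$1" -nodes -days 1 \
        -subj "/CN=Sample Root CA $1" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

# Demo on two constructed CAs: one within the limit, one above it.
workdir=$(mktemp -d)
make_sample_ca 2048 "$workdir/ca2048.pem"
make_sample_ca 4096 "$workdir/ca4096.pem"
for f in "$workdir"/ca*.pem; do
    if ca_fits_device "$f"; then
        echo "$(basename "$f"): $(cert_key_bits "$f") bits, OK to import"
    else
        echo "$(basename "$f"): $(cert_key_bits "$f") bits, exceeds $DEVICE_MAX_BITS"
    fi
done
```

Run it against every certificate in the chain, since an intermediate or RA certificate with an oversized key is rejected the same way as a root.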

RE: Largest CA Keylength on VPN 3000 [7:73409]

2003-08-06 Thread [EMAIL PROTECTED]
Is it a size or allocation issue?


CSCdv48299 
If fewer than three spots remain in the CA certificate store of a VPN 3000
Concentrator, and an attempt is made to install a CA certificate with
associated RAs, then the RA or RAs are installed (filling the store) and the
root certificate is not installed. This is incorrect behavior. Instead, the
software should check to see if there is enough room in the store before
installing a partial CA certificate. Partial certificates should not be
installed. If the RAs and the Root certificate cannot be installed, the
software should install nothing.

Or just RTFM below?

Martijn


Key Size
man Yes
scep Yes
The algorithm for generating the public-key/private-key pair, and the key
size. If you are requesting an SSL certificate, or if you are requesting an
identity certificate using SCEP, only the RSA options are available.

RSA 512 bits = Generate 512-bit keys using the RSA (Rivest, Shamir, Adleman)
algorithm. This key size provides sufficient security and is the default
selection. It is the most common, and requires the least processing.

RSA 768 bits = Generate 768-bit keys using the RSA algorithm. This key size
provides normal security. It requires approximately 2 to 4 times more
processing than the 512-bit key.

RSA 1024 bits = Generate 1024-bit keys using the RSA algorithm. This key
size provides high security, and it requires approximately 4 to 8 times more
processing than the 512-bit key.

man Yes
scep No
DSA 512 bits = Generate 512-bit keys using DSA (Digital Signature
Algorithm).

DSA 768 bits = Generate 768-bit keys using the DSA algorithm.

DSA 1024 bits = Generate 1024-bit keys using the DSA algorithm.


 

-Original Message-
From: Reimer, Fred [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 2, 2003 14:49
To: [EMAIL PROTECTED]
Subject: Largest CA Keylength on VPN 3000 [7:73409]


Let's see if anyone here can answer faster than Cisco TAC.

 

What is the largest CA root key length supported by the Cisco VPN
Concentrator 3000 series hardware?  I have a 4096 bit key and it won't
accept the root key because it can't validate it.

 

Fred Reimer - CCNA

Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73593t=73409


Largest CA Keylength on VPN 3000 [7:73409]

2003-08-02 Thread Reimer, Fred
Let's see if anyone here can answer faster than Cisco TAC.

 

What is the largest CA root key length supported by the Cisco VPN
Concentrator 3000 series hardware?  I have a 4096 bit key and it won't
accept the root key because it can't validate it.

 

Fred Reimer - CCNA

Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73409t=73409