[cisco-voip] CUCM 7.0.2 Generate CSR Tomcat 1024 to 2048

Ryan Ratliff rratliff at cisco.com
Fri Feb 25 12:15:25 EST 2011


You don't get to pick what's used for the CSR; you just have to generate it and see what it's using.

CUCM 8.0(3) generates 2048-bit CSRs for tomcat by default.

rratliff-mac:Desktop rratliff$ openssl req -text -noout -in tomcat.csr
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: CN=rratliff-cucm-8-pub.voip.rratliff.local, OU=TAC, O=Cisco, L=RTP, ST=NC, C=US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):

-Ryan

On Feb 25, 2011, at 11:46 AM, Mike King wrote:

No CA will issue a certificate of less than 2048 due to NIST issuing a recommendation (http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf) that sizes of less than 2048 not be accepted.

The real traction to this is that Microsoft (and all browser makers (Opera, Mozilla, Chrome)) have stated they will remove all 1024-bit CA certs from their products as of December of 2010. (In support of the NIST deadline, detailed above.)
http://technet.microsoft.com/en-us/library/cc751157.aspx

I'm not sure how to get CUCM to generate a 2048 CSR.

Do these docs help?

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cucos/7_1_2/cucos/iptpch6.html#wp1046223

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/7_0_1/secugd/secuview.html#wp1147888

Mike

On Fri, Feb 25, 2011 at 11:28 AM, Jimhend FORTIN Dany <jeterapres at hotmail.com> wrote:
Hello, 
 
I want to have a Tomcat SSL CSR signed by a recognized authority. But my file is not accepted because it seems to be in 1024, and most authorities only accept CSRs of 2048.

Is there a cheap company that accepts a CSR of 1024? Otherwise, how can CUCM generate a CSR of 2048?

Thank you for your time
 
Dany

Jimhend jeterapres at hotmail.com



_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
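
Added example, not part of the original thread: a shell helper that reads the key size out of a CSR the same way the reply above does with "openssl req -text -noout", and flags anything under 2048 bits before the file is sent to a CA. The function names and the 2048 default are assumptions of this example; the parser accepts both the "RSA Public Key: (N bit)" label shown in the thread and the "Public-Key: (N bit)" label that newer OpenSSL releases print.

```shell
#!/bin/sh
# Added example (not from the thread): check a CSR's RSA key size before
# submitting it to a CA. Function names are hypothetical.

# Read `openssl req -text -noout` output on stdin and print the key size in
# bits. Matches "RSA Public Key: (2048 bit)" (older OpenSSL, as in the thread)
# and "Public-Key: (2048 bit)" (newer OpenSSL). Prints nothing if not found.
csr_bits_from_text() {
    sed -n 's/^[[:space:]]*\(RSA \)\{0,1\}Public[- ]Key: (\([0-9][0-9]*\) bit).*$/\2/p' |
        head -n 1
}

# Return 0 if the bit count meets the minimum (default 2048), 1 if it is
# too small, 2 if the value is empty or not a number.
bits_meet_minimum() {
    bits=$1; min=${2:-2048}
    case $bits in ''|*[!0-9]*) return 2 ;; esac
    [ "$bits" -ge "$min" ]
}

# Full check on a CSR file; needs the openssl CLI on the PATH.
check_csr() {
    csr=$1; min=${2:-2048}
    text=$(openssl req -text -noout -in "$csr" 2>/dev/null) || {
        echo "$csr: openssl could not read this as a CSR" >&2; return 2; }
    bits=$(printf '%s\n' "$text" | csr_bits_from_text)
    rc=0; bits_meet_minimum "$bits" "$min" || rc=$?
    case $rc in
        0) echo "$csr: $bits-bit RSA key, meets the $min-bit minimum" ;;
        1) echo "$csr: $bits-bit RSA key, below the $min-bit minimum" >&2 ;;
        *) echo "$csr: no RSA key size found in the request" >&2 ;;
    esac
    return "$rc"
}

# Check every CSR file named on the command line (does nothing without arguments).
for f in "$@"; do check_csr "$f" || status=1; done
```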

