[cisco-voip] CUCM 7.0.2 Generate CSR Tomcat 1024 to 2048

Jason Aarons (US) jason.aarons at us.didata.com
Mon Mar 14 11:26:41 EDT 2011


Tandberg's documentation also has you generating CSRs with 1024 bits, which won't be accepted... stale documentation...

http://www.tandberg.com/collateral/documentation/Deployment_Guides/Cisco_VCS_Certificate_Creation_and_Use_Deployment_Guide.pdf


From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Ryan Ratliff
Sent: Friday, February 25, 2011 12:15 PM
To: Mike King
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] CUCM 7.0.2 Generate CSR Tomcat 1024 to 2048

You don't get to pick what's used for the CSR, you just have to generate it and see what it's using.

CUCM 8.0(3) generates 2048-bit CSRs for tomcat by default.

rratliff-mac:Desktop rratliff$ openssl req -text -noout -in tomcat.csr
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: CN=rratliff-cucm-8-pub.voip.rratliff.local, OU=TAC, O=Cisco, L=RTP, ST=NC, C=US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):

-Ryan

On Feb 25, 2011, at 11:46 AM, Mike King wrote:

No CA will issue a certificate of less than 2048 due to NIST issuing a recommendation (http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf) that sizes of less than 2048 not be accepted.

The real traction to this is that Microsoft (and all browser makers (Opera, Mozilla, Chrome)) have stated they will remove all 1024-bit CA certs from their products as of December of 2010. (In support of the NIST deadline, detailed above.)
http://technet.microsoft.com/en-us/library/cc751157.aspx

I'm not sure how to get CUCM to generate a 2048 CSR.

Do these docs help?

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cucos/7_1_2/cucos/iptpch6.html#wp1046223

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/7_0_1/secugd/secuview.html#wp1147888

Mike

On Fri, Feb 25, 2011 at 11:28 AM, Jimhend FORTIN Dany <jeterapres at hotmail.com> wrote:
Hello,

I want to have a Tomcat SSL CSR signed by a recognized authority, but my file is not accepted because it seems to be 1024 and most authorities only accept a CSR of 2048.

Is there a cheap company that accepts a CSR of 1024? Otherwise, how can CUCM generate a CSR of 2048?

Thank you for your time

Dany

Jimhend jeterapres at hotmail.com
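
Added example, not part of the thread or of Cisco's tooling: a standard-library Python check that reads the RSA modulus size from a PEM CSR (the field shown in the `openssl req -text -noout` output above) and compares it with the 2048-bit minimum discussed in the thread. The names `csr_rsa_bits`, `meets_minimum` and `sample_csr` are assumptions; `sample_csr` builds constructed test input with a placeholder modulus and an empty signature, not a usable request.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")   # rsaEncryption, 1.2.840.113549.1.1.1
MIN_BITS = 2048                                  # minimum size the thread says CAs accept

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split the content of a constructed element into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out

def csr_rsa_bits(pem):
    """RSA modulus size, in bits, of the public key in a PEM PKCS#10 request."""
    b64 = "".join(ln for ln in pem.splitlines() if ln and not ln.startswith("-----"))
    _, request, _ = read_tlv(base64.b64decode(b64), 0)
    info = children(children(request)[0][1])     # version, subject, SPKI, attributes
    algorithm, key = children(info[2][1])        # AlgorithmIdentifier, BIT STRING
    if children(algorithm[1])[0][1] != RSA_OID:
        raise ValueError("not an RSA key")
    rsa_key = children(key[1][1:])[0][1]         # skip the unused-bits octet
    return int.from_bytes(children(rsa_key)[0][1], "big").bit_length()

def meets_minimum(pem):
    """True when the request's key is at least MIN_BITS long."""
    return csr_rsa_bits(pem) >= MIN_BITS

def tlv(tag, body):                              # DER encoder, used only for the sample input
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_csr(bits):
    """Constructed input: PKCS#10 layout, placeholder modulus, empty signature."""
    integer = lambda v: tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
    alg = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
    key = tlv(0x30, integer((1 << (bits - 1)) | 1) + integer(65537))
    spki = tlv(0x30, alg + tlv(0x03, b"\0" + key))
    info = tlv(0x30, integer(0) + tlv(0x30, b"") + spki + tlv(0xA0, b""))
    der = tlv(0x30, info + alg + tlv(0x03, b"\0"))
    body = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE REQUEST-----\n" + body + "-----END CERTIFICATE REQUEST-----\n"
```

Running `meets_minimum` on the CSR downloaded from the server before submitting it shows whether the CA's size check will reject it.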

