- Community Home
- >
- Software
- >
- HPE OneView
- >
- Increase Public Key size to RSA4096 in certificate...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-06-2018 05:45 AM - edited 07-09-2018 09:28 AM
07-06-2018 05:45 AM - edited 07-09-2018 09:28 AM
Increase Public Key size to RSA4096 in certificate signing request
Hello,
I am trying to import CA signed certs for my OneView 4.00.9 appliances. My CA admin was able to add the correct template with the following:
X509v3 Key Usage:
Digital Signature, NonRepudiation, Key Encipherment
X509v3 Extended Key Usage:
TLS Web ServerAuthentication, TLS Web Client Authentication
However, when submitting the request it complained about the Public Key size. Apparently our policy is to use RSA 4096 bits.
Question is how do you increase the Public Key size in the request to 4096?
Any help is greatly appreciated.
- Tags:
- certificate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-23-2018 11:34 AM
07-23-2018 11:34 AM
Re: Increase Public Key size to RSA4096 in certificate signing request
Unfortunately, it is not possible to create a CSR with 4096 key length today. With HPE OneView 4.10 and the appliance put into CNSA Mode (which can break communication with legacy and older systems that cannot support the stronger encryption and cyphers), the CSR would generate a 3072 bit length key.
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-23-2018 11:17 PM
07-23-2018 11:17 PM
Re: Increase Public Key size to RSA4096 in certificate signing request
Thank you Chris for the reply.
Just so I understand you correctly, with CNSA Mode the strongest encryption the appliance will generate is 3072 bits. Is it then possible to generate a csr using openssl with the key size set to 4096 and import the cert? In other words, does OneView accept/support certs with a 4096 bit Public key size generated by a csr outside of the appliance's own mechanism?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-24-2018 09:38 AM
07-24-2018 09:38 AM
Re: Increase Public Key size to RSA4096 in certificate signing request
Unfortunately no. HPE OneView must generate the CSR today. We do not have a method to import both the private and publicly signed key to the appliance.
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-19-2020 09:48 AM
05-19-2020 09:48 AM
Re: Increase Public Key size to RSA4096 in certificate signing request
Are there any changes until today.
I saw the option over the GUI to use 3072bit but our company policiy only allows key kength of at least 4096
Is there a way to create manually and import Certificates using 4096bits now?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2020 08:45 AM
09-03-2020 08:45 AM
Re: Increase Public Key size to RSA4096 in certificate signing request
Plus 1 on this... We are in pretty much the same boat.
Has this been 'fixed' yet (OneView 5.3) - The docs would suggest it hasn't...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2020 08:49 AM - edited 09-03-2020 08:50 AM
09-03-2020 08:49 AM - edited 09-03-2020 08:50 AM
Re: Increase Public Key size to RSA4096 in certificate signing request
Not in HPE OneView 5.3 or 5.4 (next week). It is in the backlog though.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-07-2021 04:22 AM
09-07-2021 04:22 AM
Re: Increase Public Key size to RSA4096 in certificate signing request
I have version 6.20.00-0443754 and still the same problem. 2048 bit for default or 3072 bits for CNSA compatible certificates. Is there an option to create a 4096 bit key/request now?
Regards, Daniel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-08-2021 12:56 PM
09-08-2021 12:56 PM
Re: Increase Public Key size to RSA4096 in certificate signing request
We have not had many customers request 4k cert key length, only to reduce it to 2k. Is this a hard requirement for your organization?
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-28-2022 04:50 AM - last edited on 08-01-2022 04:55 AM by Sunitha_Mod
07-28-2022 04:50 AM - last edited on 08-01-2022 04:55 AM by Sunitha_Mod
Re: Increase Public Key size to RSA4096 in certificate signing request
Hi Chris,
I'm infratructure engineer from Germany. My company will allow certificate templates with least RSA public keys 3072/4096bit after October 2022 depends to Federal Office for Information Security (BSI) "BSI TR-02102-1: "Cryptographic Mechanisms: Recommendations and Key Lengths" Version: 2022-1 " by January 2022. BSI recommened to use RSA keys hihger then 3000bit. I guess more german companies with HPE related hardware will get in this rsa key issue.
I'm running HPE Oneview 6.6 due still existing blade enclosures and BL460C Gen9.
So my question is is there a possibility to get CSR with 4096bit, also ILO 4+5 certificates which support 4096bit rsa public key?
Many Thanks Jens