Increase Public Key size to RSA4096 in certificate signing request

Unfortunately, it is not possible to create a CSR with 4096 key length today.  With HPE OneView 4.10 and the appliance put into CNSA Mode (which can break communication with legacy and older systems that cannot support the stronger encryption and cyphers), the CSR would generate a 3072 bit length key.

Thank you Chris for the reply.  

Just so I understand you correctly, with CNSA Mode the strongest encryption the appliance will generate is 3072 bits.  Is it then possible to generate a csr using openssl with the key size set to 4096 and import the cert?  In other words, does OneView accept/support certs with a 4096 bit Public key size generated by a csr outside of the appliance's own mechanism?

Unfortunately no.  HPE OneView must generate the CSR today.  We do not have a method to import both the private and publicly signed key to the appliance.

Are there any changes until today.

I saw the option over the GUI to use 3072bit but our company policiy only allows key kength of at least 4096

Is there a way to create manually and import Certificates using 4096bits now?

Plus 1 on this... We are in pretty much the same boat. 

Has this been 'fixed' yet (OneView 5.3) - The docs would suggest it hasn't...

Not in HPE OneView 5.3 or 5.4 (next week).  It is in the backlog though.

I am an HPE Employee

I have version 6.20.00-0443754 and still the same problem. 2048 bit for default or 3072 bits for CNSA compatible certificates. Is there an option to create a 4096 bit key/request now?

Regards, Daniel

We have not had many customers request 4k cert key length, only to reduce it to 2k.  Is this a hard requirement for your organization?