Community
HPE OneView
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Increase Public Key size to RSA4096 in certificate signing request

 
Lenny_Juarbe
Occasional Contributor

‎07-06-2018 05:45 AM - edited ‎07-09-2018 09:28 AM

‎07-06-2018 05:45 AM - edited ‎07-09-2018 09:28 AM

Increase Public Key size to RSA4096 in certificate signing request

Hello, 

I am trying to import CA signed certs for my OneView 4.00.9 appliances.  My CA admin was able to add the correct template with the following:

X509v3 Key Usage:

Digital Signature, NonRepudiation, Key Encipherment

X509v3 Extended Key Usage:

TLS Web ServerAuthentication, TLS Web Client Authentication

However, when submitting the request it complained about the Public Key size.  Apparently our policy is to use RSA 4096 bits. 

Question is how do you increase the Public Key size in the request to 4096?  

Any help is greatly appreciated.

0 Kudos
Reply
6 REPLIES 6
ChrisLynch
HPE Pro

‎07-23-2018 11:34 AM

‎07-23-2018 11:34 AM

Re: Increase Public Key size to RSA4096 in certificate signing request

Unfortunately, it is not possible to create a CSR with 4096 key length today.  With HPE OneView 4.10 and the appliance put into CNSA Mode (which can break communication with legacy and older systems that cannot support the stronger encryption and cyphers), the CSR would generate a 3072 bit length key.


I am an HPE employee

Accept or Kudo

0 Kudos
Reply
Lenny_Juarbe
Occasional Contributor

‎07-23-2018 11:17 PM

‎07-23-2018 11:17 PM

Re: Increase Public Key size to RSA4096 in certificate signing request

Thank you Chris for the reply.  

Just so I understand you correctly, with CNSA Mode the strongest encryption the appliance will generate is 3072 bits.  Is it then possible to generate a csr using openssl with the key size set to 4096 and import the cert?  In other words, does OneView accept/support certs with a 4096 bit Public key size generated by a csr outside of the appliance's own mechanism?

0 Kudos
Reply
ChrisLynch
HPE Pro

‎07-24-2018 09:38 AM

‎07-24-2018 09:38 AM

Re: Increase Public Key size to RSA4096 in certificate signing request

Unfortunately no.  HPE OneView must generate the CSR today.  We do not have a method to import both the private and publicly signed key to the appliance.


I am an HPE employee

Accept or Kudo

0 Kudos
Reply
Thomas24
New Member

‎05-19-2020 09:48 AM

‎05-19-2020 09:48 AM

Re: Increase Public Key size to RSA4096 in certificate signing request

Are there any changes until today.

I saw the option over the GUI to use 3072bit but our company policiy only allows key kength of at least 4096

Is there a way to create manually and import Certificates using 4096bits now?

 

Reply
TravellingKiwi
Occasional Visitor

‎09-03-2020 08:45 AM

‎09-03-2020 08:45 AM

Re: Increase Public Key size to RSA4096 in certificate signing request

Plus 1 on this... We are in pretty much the same boat. 

 

Has this been 'fixed' yet (OneView 5.3) - The docs would suggest it hasn't...

0 Kudos
Reply
DanCernese
HPE Pro

‎09-03-2020 08:49 AM - edited ‎09-03-2020 08:50 AM

‎09-03-2020 08:49 AM - edited ‎09-03-2020 08:50 AM

Re: Increase Public Key size to RSA4096 in certificate signing request

Not in HPE OneView 5.3 or 5.4 (next week).  It is in the backlog though.

I am an HPE Employee
Accept or Kudo
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.