Cisco IronPort Encryption Appliance Troubleshooting Guide

IEA 2048 Bit Key Support for CSR on IEA
Configuration Example
Document ID: 117964
Contributed by Kishore Yerramreddy, Cisco TAC Engineer.
Jul 16, 2014
Contents
Introduction
Configure
     Generate a Certificate
     Import a Certificate
Verify
Troubleshoot
Introduction
This document describes how to generate a Certificate Signing Request (CSR) with a 2048-bit key pair on the
Cisco IronPort Encryption Appliance (IEA).
Configure
Most Certificate Authorities (CAs) have explicitly requested that all CSRs be generated with a key pair that
is 2048 bits long. By default, IEA Version 6.5 generates key pairs with a key length of 1024 bits. In order to
force the IEA to generate a 2048-bit key pair, use the keytool command as described here.
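A CSR can be checked against the 2048-bit requirement before it is sent to the CA. The script below is an added example, not part of the original Cisco document. It assumes the openssl command is available on the workstation where the CSR is reviewed; the function names, MIN_BITS, and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: reject a CSR whose public key is shorter than MIN_BITS.
MIN_BITS=2048   # assumption: the minimum the CA accepts

# Read `openssl req -noout -text` output on stdin and print the key length.
# Matches "Public-Key: (2048 bit)" (OpenSSL 1.0 and later) and
# "RSA Public Key: (1024 bit)" (OpenSSL 0.9.8).
key_bits_from_text() {
    sed -n 's/.*Public[- ]Key: *(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Status 0: key meets MIN_BITS. 1: key too short. 2: no key length found.
check_key_text() {
    bits=$(key_bits_from_text)
    [ -n "$bits" ] || return 2
    [ "$bits" -ge "$MIN_BITS" ] || return 1
    return 0
}

# Check a PEM-encoded CSR file; status 2 also covers an unreadable file
# or a missing openssl binary.
check_csr() {
    text=$(openssl req -in "$1" -noout -text 2>/dev/null) || return 2
    printf '%s\n' "$text" | check_key_text
}

# Constructed excerpts of openssl text output (not taken from a real CSR).
SAMPLE_OLD='        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)'
SAMPLE_NEW='        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)'

# Demonstration on the constructed samples; for a real file use:
#   check_csr <path to CSR>
for sample in "$SAMPLE_OLD" "$SAMPLE_NEW"; do
    rc=0
    printf '%s\n' "$sample" | check_key_text || rc=$?
    echo "$(printf '%s\n' "$sample" | key_bits_from_text) bit key: status $rc"
done
```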
Generate a Certificate
1. Log in to the IEA CLI.
2. At the main menu, type x in order to drop into the shell.
3. Change to the root user:
    $ su -
4. Execute the keytool in order to create a new keystore:
    # /usr/local/postx/server/jre/bin/keytool -genkey -alias <server alias> \
      -keyalg RSA -keysize 2048 -keystore <name the new keystore>
        * The alias should be what the server is known as externally when
          customers log in to the device.
        * When prompted for a password, use an easily remembered password.
        * Enter all requested information when prompted for the certificate
          request, and make special note of the next question:
        --- What is your first and last name?
        [Unknown]: server1.example.com
                * For this question, enter the fully qualified domain name
                  of the system.