Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

2048-bit CSRs

Discussion in 'General Discussion' started by movielad, Dec 23, 2008.

  1. movielad

    movielad Well-Known Member

    Joined:
    May 14, 2003
    Messages:
    109
    Likes Received:
    2
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    I have a customer who has generated through WHM a CSR for his account. Unfortunately his SSL registrar has come back to say:

    * Public key size must be at least 2048 bits.
    * The CSR you submitted has a 1024 bit key size.
    The EV guidelines do not allow us to issue an EV certificate with a CSR less
    than 2048 bits.
    You must generate a new CSR that has a 2048 bit or higher key size.

    I thought cPanel's SSL manager generated 2048 bit requests by default. The customer is running Centos 4 64-bit.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. EWD

    EWD Well-Known Member
    PartnerNOC

    Joined:
    Aug 19, 2003
    Messages:
    165
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    NY
    Same issue here.
    Anyone have any ideas on this?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. EWD

    EWD Well-Known Member
    PartnerNOC

    Joined:
    Aug 19, 2003
    Messages:
    165
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    NY
    Does not look like cpanel/whm supports this so I have created an enhancement request at http://bugzilla.cpanel.net/show_bug.cgi?id=8433

    Everyone should vote on this in order to get cpanel to consider implementing it.

    Geotrust started with this new rule and I am pretty sure other SSL vendors will follow suit so this is important.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. EWD

    EWD Well-Known Member
    PartnerNOC

    Joined:
    Aug 19, 2003
    Messages:
    165
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    NY
    In the meantime you can generate both the key and CSR via command line

    First do:
    openssl genrsa -out domainname.com.key 2048

    Then do:
    openssl req -new -key domainname.com.key -out domainname.com.csr
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,569
    Likes Received:
    45
    Trophy Points:
    308
    cPanel Access Level:
    Root Administrator
    This feature is added to our internal builds. Future cPanel 11.24 builds should have this for both the WHM and cPanel SSL interfaces.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. EWD

    EWD Well-Known Member
    PartnerNOC

    Joined:
    Aug 19, 2003
    Messages:
    165
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    NY
    cpanelkenneth,
    Awesome, thanks.

    Happy New Year :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice