The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

2048-bit CSRs

Discussion in 'General Discussion' started by movielad, Dec 23, 2008.

  1. movielad

    movielad Well-Known Member
    PartnerNOC

    Joined:
    May 14, 2003
    Messages:
    107
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    DataCenter Provider
    Hello,

    I have a customer who has generated through WHM a CSR for his account. Unfortunately his SSL registrar has come back to say:

    * Public key size must be at least 2048 bits.
    * The CSR you submitted has a 1024 bit key size.
    The EV guidelines do not allow us to issue an EV certificate with a CSR less
    than 2048 bits.
    You must generate a new CSR that has a 2048 bit or higher key size.

    I thought cPanel's SSL manager generated 2048 bit requests by default. The customer is running Centos 4 64-bit.
     
  2. EWD

    EWD Well-Known Member
    PartnerNOC

    Joined:
    Aug 19, 2003
    Messages:
    165
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    NY
    Same issue here.
    Anyone have any ideas on this?
     
  3. EWD

    EWD Well-Known Member
    PartnerNOC

    Joined:
    Aug 19, 2003
    Messages:
    165
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    NY
    Does not look like cpanel/whm supports this so I have created an enhancement request at http://bugzilla.cpanel.net/show_bug.cgi?id=8433

    Everyone should vote on this in order to get cpanel to consider implementing it.

    Geotrust started with this new rule and I am pretty sure other SSL vendors will follow suit so this is important.
     
  4. EWD

    EWD Well-Known Member
    PartnerNOC

    Joined:
    Aug 19, 2003
    Messages:
    165
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    NY
    In the meantime you can generate both the key and CSR via command line

    First do:
    openssl genrsa -out domainname.com.key 2048

    Then do:
    openssl req -new -key domainname.com.key -out domainname.com.csr
     
  5. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    This feature is added to our internal builds. Future cPanel 11.24 builds should have this for both the WHM and cPanel SSL interfaces.
     
  6. EWD

    EWD Well-Known Member
    PartnerNOC

    Joined:
    Aug 19, 2003
    Messages:
    165
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    NY
    cpanelkenneth,
    Awesome, thanks.

    Happy New Year :)
     
Loading...

Share This Page