2048 bit Certificate for LMS 3.1

Answered Question
Aug 4th, 2009
User Badges:

Hello,


has anyone experiences how to use a CA signed 2048bit Certificate for SSL in LMS 3.1.


Per default LMS uses a self signed 1024bit Certificate which is not secure enough for our Security policies.


Thanks a lot

Correct Answer by Joe Clarke about 7 years 9 months ago

I had assumed you already had one signed by a CA or local to your organization. If not, you can change the instances of 1024 to 2048 in NMSROOT/MDC/Apache/bin/ConfigSSL.pl and SignTool.pl to generate such a cert.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (3 ratings)
Loading.
yjdabear Tue, 08/04/2009 - 07:26
User Badges:
  • Gold, 750 points or more

Not sure about the 2048-bit part, but LMS can certain use CA certficate, per the documentation: "You can upload Third Party Security Certificates using the SSL Utility Script"


either

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.1/user/guide/admin.html#wp843846


or

http://(your-lms-hostname-here):1741/help/cmf/sysadmin_self_sign_cert.html

Joe Clarke Tue, 08/04/2009 - 08:33
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Modulo 2048 certs should be fine. Anything above that will most certainly trigger failures.

rfuerdauer Thu, 08/06/2009 - 01:43
User Badges:

That's good, but how can i generate a 2048 cert ?

I've found not hints in SSLUtil.pl or Help.

Correct Answer
Joe Clarke Thu, 08/06/2009 - 08:32
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

I had assumed you already had one signed by a CA or local to your organization. If not, you can change the instances of 1024 to 2048 in NMSROOT/MDC/Apache/bin/ConfigSSL.pl and SignTool.pl to generate such a cert.

Actions

This Discussion