Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

2048 bit Certificate for LMS 3.1

Hello,

has anyone experiences how to use a CA signed 2048bit Certificate for SSL in LMS 3.1.

Per default LMS uses a self signed 1024bit Certificate which is not secure enough for our Security policies.

Thanks a lot

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: 2048 bit Certificate for LMS 3.1

I had assumed you already had one signed by a CA or local to your organization. If not, you can change the instances of 1024 to 2048 in NMSROOT/MDC/Apache/bin/ConfigSSL.pl and SignTool.pl to generate such a cert.

5 REPLIES
Blue

Re: 2048 bit Certificate for LMS 3.1

Not sure about the 2048-bit part, but LMS can certain use CA certficate, per the documentation: "You can upload Third Party Security Certificates using the SSL Utility Script"

either

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.1/user/guide/admin.html#wp843846

or

http://(your-lms-hostname-here):1741/help/cmf/sysadmin_self_sign_cert.html

Cisco Employee

Re: 2048 bit Certificate for LMS 3.1

Modulo 2048 certs should be fine. Anything above that will most certainly trigger failures.

New Member

Re: 2048 bit Certificate for LMS 3.1

That's good, but how can i generate a 2048 cert ?

I've found not hints in SSLUtil.pl or Help.

Cisco Employee

Re: 2048 bit Certificate for LMS 3.1

I had assumed you already had one signed by a CA or local to your organization. If not, you can change the instances of 1024 to 2048 in NMSROOT/MDC/Apache/bin/ConfigSSL.pl and SignTool.pl to generate such a cert.

New Member

Re: 2048 bit Certificate for LMS 3.1

Thank you very much.

578
Views
4
Helpful
5
Replies