Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CUCM 9.1.2 - Generate a 2048 bit CSR?

Trying to generate a CSR as our old tomcat cert expired.  Due to other circumstances, we've had to set our internal CA to require 2048 bit keys at a minimum.  What we're finding is it seems that this version of CallManager will only generate CSRs with 1024 bit keys...I need to know if there's a way to change this and use 2048 bit keys in the request.

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Super Bronze

CUCM in versions 8.0(3) and

CUCM in versions 8.0(3) and later will generate a 2048 bit key / CSR for Tomcat and for Other types of CSRs (like CallManager).  There was a defect opened for this: CSCtn01236 for 2048 bit updates. where CUCM certificates used only 1024 bit size

Cert Manager should generates Tomcat CSR using RSA 2048 instead of 1024:CSCso62711

This should be fixed in version 9. If you are still seeing 1024, then I suggest you open a TAC case

 

Please rate all useful posts "The essence of christianity is not the enthronement but the obliteration of self --William Barclay"
2 REPLIES
VIP Super Bronze

CUCM in versions 8.0(3) and

CUCM in versions 8.0(3) and later will generate a 2048 bit key / CSR for Tomcat and for Other types of CSRs (like CallManager).  There was a defect opened for this: CSCtn01236 for 2048 bit updates. where CUCM certificates used only 1024 bit size

Cert Manager should generates Tomcat CSR using RSA 2048 instead of 1024:CSCso62711

This should be fixed in version 9. If you are still seeing 1024, then I suggest you open a TAC case

 

Please rate all useful posts "The essence of christianity is not the enthronement but the obliteration of self --William Barclay"
New Member

Thanks Ayodeji.  I was able

Thanks Ayodeji.  I was able to confirm that it is indeed signing with a 2048 bit key, so I've passed the issue back to the systems group who manages our CA to see what their next steps are.

372
Views
0
Helpful
2
Replies
CreatePlease login to create content