1 Reply Latest reply on Jan 18, 2013 9:23 AM by MKguy

    Certificate Signing Request - 1024 bits

    jpiscaer Hot Shot
    vExpert

      I need to use a signed certificate for the Horizon Mobile Manager appliance, otherwise my mobile phone will not connect to the server ("The certificate is not trusted because it is self-signed"). I'm trying to generate a signed certificate using the integrated CSR, but the interface can only generate 1024 bits CSRs. None of the external CA's accept 1024 bits CSRs anymore...

       

      What can I do to work around this problem?

        • 1. Re: Certificate Signing Request - 1024 bits
          MKguy Virtuoso

          That's quite a bummer, But if it's just about generating a generic CSR which you can present a certificate authority, why not just use openssl (works on Windows too) or any other usual way for generating a CSR?

           

          For example:

          openssl genrsa 2048 > private.key

          openssl req -new -out request.csr -key private.key -config sslconf.cfg

           

          sslconf.cfg should look like this:

          [ req ]
          default_bits = 2048
          default_keyfile = key
          distinguished_name = req_distinguished_name
          encrypt_key = no
          prompt = no
          string_mask = nombstr
          req_extensions = v3_req

           

          [ v3_req ]
          basicConstraints = CA:FALSE
          keyUsage = digitalSignature, keyEncipherment
          extendedKeyUsage = serverAuth
          subjectAltName = DNS: Server.FQDN.IfRequired, DNS: SomeOtherCoolPublic.Domain.Name

           

          [ req_distinguished_name ]
          countryName = US
          stateOrProvinceName = MiddleOfNowhere
          localityName = SomeCity
          0.organizationName = MyCompany
          organizationalUnitName = Department99
          commonName = ExternalPublicDNSName.FQDN