Can you change the Minimum Key Size of a Root CA certificate?
Can you change the minimum key size of your Root certificate authority certificate from 4096 to 2048 without having to revoke and reissue all the existing certificates in your environment? Some systems/applications cannot handle a key that large.
August 3rd, 2010 11:38pm

On Tue, 3 Aug 2010 20:38:27 +0000, G-r-e-g wrote:

> Can you change the minimum key size of your Root certificate authority certificate from 4096 to 2048 without having to revoke and reissue all the existing certificates in your environment? Some systems/applications cannot handle a key that large.

You can do this by simply modifying CApolicy.inf and then performing a renewal with a new key pair. Keep in mind, however, that most systems/apps that can't handle a 4K key can't handle them anywhere in the chain. If your issuing/policy CAs are using 4K keys you'll need to do the same with them as well.

Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
August 4th, 2010 2:23am
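
The reply above notes that a 4K key anywhere in the chain is a problem, not only at the root. The following PowerShell script is an added example, not part of the original thread: it builds the chain for a certificate file and reports the RSA key size at each level. The parameter names and the 2048-bit default threshold are assumptions chosen to match the question.

```powershell
# Added example: list the RSA public key size of every certificate in a chain
# and flag any that exceed a limit. $Path and $MaxBits are illustrative names.
param(
    [Parameter(Mandatory = $true)] [string] $Path,  # .cer/.crt file to inspect
    [int] $MaxBits = 2048                           # largest key the target device accepts
)

$file  = (Resolve-Path $Path).Path
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain

# Key size does not depend on revocation status; skip the check so an
# unreachable CRL (common with offline root CAs) does not slow the build.
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck

# Build() uses the local certificate stores (and AIA retrieval) to find issuers.
# Its return value is ignored: the elements found are reported even if the
# chain does not validate.
[void] $chain.Build($cert)

$depth  = 0
$report = foreach ($element in $chain.ChainElements) {
    $c   = $element.Certificate
    # GetRSAPublicKey returns $null for non-RSA keys (for example ECDSA).
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($c)
    $bits = if ($rsa) { $rsa.KeySize } else { $null }

    [pscustomobject]@{
        Depth     = $depth          # 0 = the certificate in $Path, last = root
        Subject   = $c.Subject
        Algorithm = $c.PublicKey.Oid.FriendlyName
        KeyBits   = $bits
        TooLarge  = ($null -ne $bits -and $bits -gt $MaxBits)
    }
    $depth++
}

$report | Format-Table -AutoSize

if ($report.TooLarge -contains $true) {
    Write-Warning "At least one certificate in the chain has an RSA key larger than $MaxBits bits."
}
```

Run it against a certificate issued after the CA renewal to confirm that the root and every issuing or policy CA above it now present keys within the limit.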

From the experience of people on this forum, what are typical systems and applications (and versions) not supporting a key that large? I see that key size becoming more and more common nowadays.
August 4th, 2010 8:08am

Hi,

As far as I know, some hardware components, such as AMT, do not support 4096 bit key length.

Thanks.

This posting is provided "AS IS" with no warranties, and confers no rights.
August 10th, 2010 5:44am

This topic is archived. No further replies will be accepted.
