Reset Search
 

 

Article

KB29228 - Generate a certificate signing request (CSR) with SHA256 or key sizes larger than 3072bit

« Go Back

Information

 
Last Modified Date10/7/2015 6:08 PM
Synopsis

This article provides instructions on how to generate a certificate signing request with Secure Hash Algorithm 256 (SHA256) or key sizes larger than 3072-bit.

(Note: SHA is a family of cryptographic hash functions published by the National Institute of Standards and Technology as a U.S. Federal Information Processing Standard.)

Problem or Goal

When attempting to generate a certificate signing request from the Pulse Connect Secure device, there is no option for key sizes larger than 3072-bit or for using SHA256.

Cause
Solution

To generate a certificate signing request with Secure Hash Algorithm 256 (SHA256) or key sizes larger than 3072-bit, follow the procedure below.

Note: OpenSSL is required to generate a certificate signing request. This tool is available at https://www.openssl.org/).

Run the following command to generate a certificate signing request:

openssl req -nodes -sha256 -newkey rsa:4096 -keyout Private.key -out CertificateRequest.csr

This example command is generating a 4096-bit key with SHA256.

A Private.key should be stored in a safe place.  After the signed certificate is received back from the Certificate Authority, you will need this file to import the device certificate to the Pulse Connect Secure device.  You must provide the CertificateRequest.csr file to your Certificate Authority to enroll for a device certificate. After approval, you will receive a signed certificate.

Note: If PCS is running 8.2R3 or below, above steps are required to generate a certificate signing request (CSR) with SHA256 or key sizes larger than 2048-bit. 3072-bit key length is supported from PCS OS 8.2R4 & above

Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255