Effective 1 January 2011, we will no longer support any Certificate Signing Request [CSR] generated with a 1024 bit key. This is because NIST, PKIX, WebTrust and other respective security standards no longer consider the 1024 bit key size as secure. Read more > [1]
Ironport C100 is currently unable to create keys and certificate requests, however, below are some guidelines on how to generate a CSR and install an SSL certificate on your IronPort device:
*** Generate RSA Key and Certificate Request (CSR) ***
Ironport C100 is currently unable to create keys and certificate requests. You can use "openssl" toolkit on Linux/Windows to generate the CSR. Here are the commands you can use:
On a Linux/Windows computer with OpenSSL toolkit installed:
shell> openssl genrsa -des3 -out server.key 2048 openssl req -new -key
shell> servername.key -out server.csr openssl rsa -in servername.key
shell> -out server.key.PEMunsecure
*** Request Certificate from Digi-Sign **
Send the contents of the "server.csr" file to your account manager in Digi-Sign
Links:
[1] http://www2.digi-sign.com/about/announcements/2048