This discussion has been locked.

Key size for Web Protection Signing CA - old certificate 2048 bit - new certificate only 1024 bit

Hi,

I regenerated the Web Protection Signing CA certificate, because the old one was about to expire. (Web Protection --> Filter Options --> HTTPS CAs)

The new certificate has a key length of only 1024 bit. The old certificate had a length of 2048 bit.

Is this a bug? Was this changed with a firmware update?

How can I change the key size to 2048 bit or more?

Thanks.

Many greetings
Felix



This thread was automatically locked due to age.
  • Hallo Felix,

    I just tried this on my lab UTM and can confirm that new Proxy CAs are now generated with a key length of 1024.  For years it was 2048 and used SHA1.  Today, it uses SHA256, so the new CAs are more secure than the older ones.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Thank you very much.

    My old certificate, issued January 2016, also has the SHA-256 signature algorithm with a 2048-bit key size.

    The new one, issued March 2019, has the SHA-256 signature algorithm but only a 1024-bit key size.

    I couldn't find SHA1 in my old certificate.

    Many greetings
    Felix
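
Key size and signature hash are separate fields of an X.509 certificate, which is what the two posts above compare. The following added example (not from the thread or from Sophos) reads both from a DER certificate using only the Python standard library; `sample_cert` builds constructed, unsigned test skeletons, and every function name here is an assumption of this example.

```python
SHA1_RSA = bytes.fromhex("2a864886f70d010105")    # OIDs as DER content bytes
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")
SIG_ALGS = {SHA1_RSA: "sha1WithRSAEncryption", SHA256_RSA: "sha256WithRSAEncryption"}

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split a constructed element's content into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out

def inspect_cert(der):
    """Return (signature algorithm, RSA modulus size in bits) of a DER certificate."""
    tbs, sig_alg, _signature = children(read_tlv(der, 0)[1])
    fields = children(tbs[1])
    fields = fields[1:] if fields[0][0] == 0xA0 else fields  # drop optional [0] version
    spki = children(fields[5][1])  # after serial, sigAlg, issuer, validity, subject
    rsa_key = children(spki[1][1][1:])[0][1]  # BIT STRING minus its unused-bits byte
    modulus = children(rsa_key)[0][1]
    oid = children(sig_alg[1])[0][1]
    return SIG_ALGS.get(oid, oid.hex()), int.from_bytes(modulus, "big").bit_length()

def tlv(tag, content):
    """DER-encode one element; used only to build the constructed samples below."""
    n = len(content)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

def sample_cert(bits, sig_oid):
    """Constructed certificate skeleton (dummy modulus, all-zero signature)."""
    def integer(v):
        return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
    def alg(oid):
        return tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    name, validity = tlv(0x30, b""), tlv(0x30, tlv(0x17, b"190301000000Z") * 2)
    key = tlv(0x03, b"\x00" + tlv(0x30, integer((1 << (bits - 1)) | 1) + integer(65537)))
    spki = tlv(0x30, alg(bytes.fromhex("2a864886f70d010101")) + key)
    tbs = tlv(0x30, tlv(0xA0, integer(2)) + integer(1) + alg(sig_oid) + name + validity + name + spki)
    return tlv(0x30, tbs + alg(sig_oid) + tlv(0x03, b"\x00" + bytes(bits // 8)))
```

To check an exported CA certificate in PEM form, convert it first with `ssl.PEM_cert_to_DER_cert(pem_text)` and pass the result to `inspect_cert`.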
