SSL Key Regeneration

I've got a client whose RED SSL key is only 1024 bits long.  They are being audited for PCI compliance and the scans are finding this and causing them to fail.  I opened a ticket with Sophos who told me that there is no way to regenerate the key.  This sounds completely wrong to me.  Can someone from higher up than the (worsening) tier 1 support confirm this for me?

If there really is no way to regenerate the keys, how on earth are people supposed to run these devices and remain PCI compliant?  It's bad enough you can't install 3rd party certs on the VPN or RED services...


  • Are you talking about the "RED Certificate for utm.domain.com" or the "red_client ..." certificate?  I just activated RED on the lab UTM, and both are 2048-bit certs.

    It is possible to install 3rd-party certs, but it's done at the command line using openssl and cc.  It shouldn't be necessary though.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
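
To settle which certificate a scan is flagging, the key size can be read straight from a PEM copy of each certificate. The script below is an added example, not part of the original thread or any Sophos tooling; the function names, the 2048-bit minimum (taken from the key size mentioned in the reply above) and the throwaway sample certificates are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report the public-key size of a PEM certificate and flag weak keys.
MIN_BITS=2048   # assumption: minimum taken from the 2048-bit certs in the reply

# Print the public-key size in bits of the certificate in PEM file $1.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# Return 0 if the key meets MIN_BITS, 1 if it is weaker, 2 if unreadable.
check_cert() {
    bits=$(cert_key_bits "$1")
    if [ -z "$bits" ]; then
        echo "UNREADABLE $1"; return 2
    fi
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "WEAK ${bits}-bit $1"; return 1
    fi
    echo "OK ${bits}-bit $1"; return 0
}

# Constructed sample input: a throwaway self-signed cert with a made-up name.
make_sample() {  # $1 = RSA key bits, $2 = output PEM path
    openssl req -x509 -newkey "rsa:$1" -nodes -days 1 \
        -subj "/CN=sample-$1.example" -keyout "$2.key" -out "$2" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 2
    make_sample 1024 "$dir/weak.pem"
    make_sample 2048 "$dir/ok.pem"
    check_cert "$dir/weak.pem" || true   # expected to be reported as WEAK
    check_cert "$dir/ok.pem"
    rm -rf "$dir"
}
demo
```
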