Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 3834 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL Key Regeneration

CClasen
I've got a client who's RED SSL key is only 1024 bits long.  They are being audited for PCI compliance and the scans are finding this and causing them to fail.  I opened a ticket with Sophos who told me that there is no way to regenerate the key.  This sounds completely wrong to me.  Can someone from higher up than the (worsening) tier 1 support confirm this for me?

If there really is no way to regenerate the keys, how on earth are people supposed to run these devices and remain PCI compliant?  Is bad enough you can't install 3rd party certs on the VPN or RED services...


This thread was automatically locked due to age.
Parents
  • 0
    If the client is on 9.3, I believe you could delete the RED(s) (be sure to note the 'Unlock code' for each deleted RED!), disable RED Management on the 'Global Settings' tab, re-enable it, add the RED(s) again and wind up with a 2048-bit key.  Did that work?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    If the client is on 9.3, I believe you could delete the RED(s) (be sure to note the 'Unlock code' for each deleted RED!), disable RED Management on the 'Global Settings' tab, re-enable it, add the RED(s) again and wind up with a 2048-bit key.  Did that work?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML