Certification Authority – decrease key lenght
One my colleague wanted to make one of our customer’s environment very secure so he decided to install Enterprise Certification Authority environment with 4kB keys. He created one offline root CA with 4kB key (Windows 2003). This computer is offline all the time. Another CA is Issuing CA which key is signed by root CA. This issuing CA also had 4kB key (Windows 2008 R2). Certificates issued by issuing CA were from 2kB-16kB.
Problem raised when customer wanted to create certificate for Cisco devices to secure Wifi. To make those devices use and trust certificates from issuing CA customer needed to import Root and Issuing CA public certificates into those Cisco devices. And this was a problem. Those Cisco devices didn’t want to work with more than 2kB certificates.
Recent Comments