Generating a 2048 length CSR

What version are you on?

The Firepass is a FirePass 1200 running 6.0.3 with all the current hot fixes and cumulative hotfixes applied.

 

 

Craig

There is a recent KB article on this...

 

 

https://support.f5.com/kb/en-us/solutions/public/10000/500/sol10540.html

 

 

Short answer - create your key and CSR with Openssl, get the cert, then import them onto the Firepass.

Hi Michael,

 

 

many thanks. Boy, you sure are active across all the forums!

 

 

Regards,

 

 

Craig

I hope that through helping others I can learn more about the Firepass myself. I wish this forum was more active so we could have more discussions about all the various FP features.

Hi Michael,

 

 

well I now have a 2048 Godaddy ssl cert now indtalled on the Firepass. Thanks for the pointer to the article. The only issue I had was that the cert must include a pass phrase or else the FP will not allow you install it, well at least not via the web interface, I'm sure it could be installed via the shell.

 

Craig

Hello,

 

I am also trying to generate a 2048 bit CSR for enTrust for the Firepass and will appreciate if you can help to answer my question about using the OpenSSL to create the CSR. I am using the command line as the support page.

 

 

openssl req -new -nodes -days 365 -newkey rsa:2048 -keyout new.key -out newcert.csr

 

 

Is the challenge password being ask in OpenSSL the same as the password which we enter into the Encryption Password on the Firepass GUI?

No.

 

 

Since your command has "-nodes" then your key is not encrypted and thus has no passphrase.

 

 

The challenge password will not be used on the Firepass.

Yes 2048 can be generated by the firepass in version 6.1.1 and above. Some folks use other software, personal preference really.

Hi, thanks for the reply. I checked and my version is 6.0.3 ?