Monday, September 27, 2010

Certificate Signing Request (CSR) key size

In a recent blog entry I described how you can use 3rd party certificates within your Check Point gateway.
Now I was informed by Brian that some commercial CA don't sign any longer if the key size is only 1024 bit, you need at least 2048 bit.
How can we change the behaviour of the Check Point while issuing the CSR?
Just go to Global Properties -> SmartDashboard Customination -> Configure -> Certificates and PKI properties.
SmartDashboard Customization" title="Global Properties -> SmartDashboard Customization" width="500" height="479" class="alignnone size-full wp-image-393" style="padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; max-width: 100%; border-top-style: none; border-right-style: none; border-bottom-style: none; border-left-style: none; border-width: initial; border-color: initial; ">
There we have an option the define the key size for the certificates. Available values are 1024, 2048 and 4096 bit.
Certificate and PKI properties
Change this value according to your need and the requirements of the CA you chose for signing.
Starting with R71 they standard key size 2048.

No comments: