Title
CLI CSR Process Brief ExplainationArticle Number
000012263Article Type
Internal_Process__kavVersion Number
1Publication Status
OnlineContent
The current process for Exinda to generate a certificate signing request (CSR) is still a valid function of ExOS. However, because of the 1024-bit limitation of the CSR output through the Exinda CLI, when submit trusted certificate authority (CA) the signing request will be denied.The reason for this is because as of January 1, 2014, the Certificate Authority/Browser Forum (CA/B) and the National Institute of Standards (NIST) set a new global standard for a much more secure, more tamper resistant 2048-bit certificate and phased out all existing 1024-bit certificates due to growing security concerns. RSA-576, -640, -704, & -768 were also phased out as they were no longer safe to use for TLS/SSL (they were all exploitable).
Because of this newer standard, currently the process listed above will not help a customer who tries to get an Exinda generated CSR signed by a trusted CA. In a future build maybe the 2048-bit length will be an option but as of today (July 20, 2016) there is no way for the Exinda to output a 2048-bit CSR.