Solved: E-Series (E2860) certificate CSR request

sanadmin_do

Two of our E-Series certificates have expired. We would now like to have our internal CA issue two new ones. However, since September 2024, our colleagues at the CA have required CSR requests with a length of 4096 bits. Can the length of 4096 bits be set in the SANtricity environment? Or are the CSR requests always issued with 2048 bits?

ahmadm

As of SANtricity OS 11.80.1, the E-Series generated CSR for management certificate uses a 3072 bit key. If 4096 is desired, then the CSR need to be generated externally (e.g Using openSSL).

As for SANtricity OS 11.80, the E-Series external key management service CSR generated by E-Series defaults to 3072 bits key. The default can be increased to 4096 bits if needed, but this change / method does not apply to the management certificate of E-Series Web-UI.

View solution in original post

ahmadm

As of SANtricity OS 11.80.1, the E-Series generated CSR for management certificate uses a 3072 bit key. If 4096 is desired, then the CSR need to be generated externally (e.g Using openSSL).

As for SANtricity OS 11.80, the E-Series external key management service CSR generated by E-Series defaults to 3072 bits key. The default can be increased to 4096 bits if needed, but this change / method does not apply to the management certificate of E-Series Web-UI.

sanadmin_do

Thanks for the information. I'm now trying to create the CSR request with the parameter "4096". But I always get the error message "Encountered "keySize" at line 1, column 201. Was expecting: "file" ...". I specified keySize="4096". According to the documentation, this is correct.