Question

SHA2 Certificates on Mac

  • September 13, 2016
  • 4 replies
  • 41 views


Hi Mac Champs,
I'm facing hard times helping the Security Team implement SHA2 for Mac.
I have a profile to go and pull a .cer from the Certificate Authority, but when it goes and knocks on the door, it goes with a 2048-bit key length and the request is denied. Has anyone implemented SHA2 with a 4096-bit key length?

Thanks a lot!
CS

4 replies

  • New Contributor
  • September 13, 2016

Hi,
Is this an AD certificate? A SCEP certificate?

If an AD certificate, then the key length is configured on the certificate template.
If SCEP, it looks like Casper only supports 2048 bits.


  • Author
  • Contributor
  • September 13, 2016

Hi Paul, this is an AD certificate. Yes, the key length is configured on the template according to the certificate team, but when I create a Config Profile to pull the certificate from the CA, the request from my Mac goes as 2048 only and it gets denied.
The cert team says the request is getting denied because the Mac is requesting with a lower key length.


  • Author
  • Contributor
  • November 24, 2016

Finally, after banging my head, I found the way to do this:

cindyzMac:~ cinSin$ sudo openssl req -nodes -newkey rsa:4096 -out cindyzMac.domin.com.csr

This does the job of creating a SHA2 CSR. Hope this will help someone.

Thankingfullistic
:)
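
Added example (not part of the original post, and not Jamf or Apple tooling): the command above names neither a digest nor a key file, so one way to confirm that a CSR matches what the CA expects is to pin both and read them back before submitting it. The host name mac01.example.com and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a CSR with an explicit key size and digest, then check
# both before sending it to the CA. Host name and subject are placeholders.

# make_csr <host> <bits> <dir>: writes <dir>/<host>.key and <dir>/<host>.csr
make_csr() {
    # -sha256 pins the digest rather than trusting the build's default;
    # -keyout names the private key file explicitly.
    ( umask 077
      openssl req -new -newkey "rsa:$2" -nodes -sha256 -subj "/CN=$1" \
          -keyout "$3/$1.key" -out "$3/$1.csr" 2>/dev/null )
}

# csr_key_bits <csr>: print the public key size in bits
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# csr_sig_alg <csr>: print the signature algorithm name
csr_sig_alg() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Signature Algorithm: *//p' | head -n 1
}

# check_csr <csr> <min_bits>: succeed only for a SHA-2 signed CSR whose
# key is at least <min_bits> long
check_csr() {
    [ "$(csr_key_bits "$1")" -ge "$2" ] 2>/dev/null || return 1
    case "$(csr_sig_alg "$1")" in
        sha224*|sha256*|sha384*|sha512*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample run in a temporary directory
workdir=$(mktemp -d)
make_csr mac01.example.com 4096 "$workdir" &&
    check_csr "$workdir/mac01.example.com.csr" 4096 &&
    echo "CSR OK: $(csr_key_bits "$workdir/mac01.example.com.csr") bit," \
         "$(csr_sig_alg "$workdir/mac01.example.com.csr")"
```

The private key is written unencrypted because of -nodes, so the umask keeps it readable only by the user who generated it.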


  • Contributor
  • November 28, 2016

You can set the keysize on 10.11 and higher in the configuration profile. Not sure if JAMF supports that, but I don't use the JSS for profiles.

https://developer.apple.com/library/content/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html#//apple_ref/doc/uid/TP40010206-CH1-SW238