Posted on 09-13-2016 03:33 AM
Hi Mac Champs,
Im facing hard times helping the Security Team implement SHA2 for Mac.
I have a profile to go and pull .cer from the Certificate Authority but when it goes and knocks the door, it goes with 2048bit Keylength and the request is denied.
Has someone implemented SHA2 with 4096 bit length?
Thanks a lot!
CS
Posted on 09-13-2016 03:58 AM
Hi,
Is this an AD Certificate? a SCEP certificate?.
If an AD Certificate, then the keylength is configured on the certificate template.
If SCEP, it looks like Casper only supports 2048 bits
Posted on 09-13-2016 11:29 AM
Hi Paul, this is an AD certificate. Yes the key length is configured on the template according to the certificate team, but when i create a Config Profile to pull certificate from CA, the request from my Mac goes as 2048 only and it gets denied.
The cert team says the request is getting denied because the Mac is requesting with lower key length.
Posted on 11-24-2016 07:43 AM
Finally after banging my head, I found the way to do this:
cindyzMac:~ cinSin$ sudo openssl req -nodes -newkey rsa:4096 -out cindyzMac.domin.com.csr
This does the job of creating SHA2 csr. Hope this will help someone.
Thankingfullistic
:)
Posted on 11-28-2016 09:28 AM
You can set the keysize on 10.11 and higher in the configuration profile. Not sure if JAMF supports that, but I don't use the JSS for profiles.
https://developer.apple.com/library/content/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html#//apple_ref/doc/uid/TP40010206-CH1-SW238