SHA2 Certificates on Mac

New Contributor III

Hi Mac Champs,
Im facing hard times helping the Security Team implement SHA2 for Mac.
I have a profile to go and pull .cer from the Certificate Authority but when it goes and knocks the door, it goes with 2048bit Keylength and the request is denied. Has someone implemented SHA2 with 4096 bit length?

Thanks a lot!


New Contributor

Is this an AD Certificate? a SCEP certificate?.

If an AD Certificate, then the keylength is configured on the certificate template.
If SCEP, it looks like Casper only supports 2048 bits

New Contributor III

Hi Paul, this is an AD certificate. Yes the key length is configured on the template according to the certificate team, but when i create a Config Profile to pull certificate from CA, the request from my Mac goes as 2048 only and it gets denied.
The cert team says the request is getting denied because the Mac is requesting with lower key length.

New Contributor III

Finally after banging my head, I found the way to do this:

cindyzMac:~ cinSin$ sudo openssl req -nodes -newkey rsa:4096 -out

This does the job of creating SHA2 csr. Hope this will help someone.


Valued Contributor III

You can set the keysize on 10.11 and higher in the configuration profile. Not sure if JAMF supports that, but I don't use the JSS for profiles.