本文介绍如何将Checkpoint防火墙生成的证书签名请求(CSR)的默认密钥长度从1024位调整到2048位,以满足部分证书供应商的要求。通过修改SmartDashboard中的相关设置即可实现。
1. Situation
When submitting CSR to Symantec Verisign, it shows the CSR is not generated with a 2048 bit key. But from the place where to generate CSR in Checkpoint Smart Dashboard gateway properties window, there is no option to change 1024 bit key to 2048 bit or higher.
2. Research
It seems Checkpoint gateway is still using 1024 bit key. Checkpoint SK44961 has a solution for this.
3. Solutions
By default, when generating a CSR for 3rd party certificate use, the CSR is 1024bit. Some certificate vendors require 2048bit.
To change the default size of the CSR when generating it through the security gateway object:
- Open the SmartDashboard.
- Go to Policy -> Global Properties -> SmartDashboard Customization.
- Click ‘Configure’.
- In the opened Advanced Configuration view go to ‘Certificates and PKI properties’.
- Edit the “host_certs_key_size” property accordingly.
- Save and install the Security policy.
4. Verify
扫一扫
856
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
