pfSense

Submitted to me via e-mail from "warhol" when the DB was having issues:

Problem: Cert Manager only produces 1024bit certs,
no matter what key size is selected.

As discussed on #pfsense, a short bug report.
Last checked on: Snapshot from Sun Sep 19 01:32:51 UTC 2010 (amd64), full inst
Also checked on: earlier snapshots on embedded i386

How to reproduce:
Go to System -> Cert Manager, CAs tab, add a new CA, chose "internal CA".
Chose a key length other than 1024 (2048 is even pre-selected).
(Same game when creating an internal certificate on the Certificates tab.)

Then download the produced cert and check its details.
I use certtool from the GnuTLS project on linux:

cat test4096.crt | certtool -i

and find the following lines every time:

        Subject Public Key Algorithm: RSA
                Modulus (bits 1024):

I had produced 2048bit certs at work before with xca and tinyca,
and confirmed they show up as "bits 2048" in certtool accordingly.
So assume the Cert Manager on pfsense just ignored the key length setting.