Bug #905

closed

OpenVPN certificate manager uses incorrect key length

Added by Jim Pingle about 14 years ago. Updated about 14 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: OpenVPN
Target version:
Start date: 09/19/2010
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.0
Affected Architecture:
Description

Submitted to me via e-mail from "warhol" when the DB was having issues:

Problem: Cert Manager only produces 1024bit certs,
no matter what key size is selected.

As discussed on #pfsense, a short bug report.
Last checked on: Snapshot from Sun Sep 19 01:32:51 UTC 2010 (amd64), full inst
Also checked on: earlier snapshots on embedded i386

How to reproduce:
Go to System -> Cert Manager, CAs tab, add a new CA, choose "internal CA".
Choose a key length other than 1024 (2048 is even pre-selected).
(Same game when creating an internal certificate on the Certificates tab.)

Then download the produced cert and check its details.
I use certtool from the GnuTLS project on Linux:

cat test4096.crt | certtool -i

and find the following lines every time:

        Subject Public Key Algorithm: RSA
                Modulus (bits 1024):

I had produced 2048bit certs at work before with xca and tinyca,
and confirmed they show up as "bits 2048" in certtool accordingly.
So assume the Cert Manager on pfsense just ignored the key length setting.
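
An added example, not part of the original ticket or of pfSense's code: the same check scripted with openssl instead of certtool, so a generated certificate can be compared against the requested key length automatically. The function names and the sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the ticket): verify that a PEM certificate's RSA
# modulus has the key length that was requested when it was created.

# rsa_bits CERT -> prints the modulus size in bits; fails if it cannot be read.
rsa_bits() {
    # "openssl x509 -modulus" prints "Modulus=<hex>"; keep only the hex digits.
    hex=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null |
          sed -n 's/^Modulus=0*//p')
    case $hex in
        ''|*[!0-9A-Fa-f]*) return 1 ;;   # unreadable file or non-RSA key
    esac
    # Bit length = 4 bits per digit after the first + bits in the first digit.
    case $hex in
        [89A-Fa-f]*) top=4 ;;
        [4-7]*)      top=3 ;;
        [23]*)       top=2 ;;
        *)           top=1 ;;
    esac
    echo $(( (${#hex} - 1) * 4 + top ))
}

# check_cert CERT REQUESTED_BITS -> 0 on match, 1 on mismatch, 2 on read error.
check_cert() {
    actual=$(rsa_bits "$1") || { echo "$1: no RSA modulus found" >&2; return 2; }
    if [ "$actual" -eq "$2" ]; then
        echo "$1: OK, $actual-bit key as requested"
    else
        echo "$1: MISMATCH, requested $2 bits but certificate has $actual"
        return 1
    fi
}

# make_sample_cert BITS OUT -> constructed sample input: a throwaway
# self-signed certificate (the private key is written next to it as OUT.key).
make_sample_cert() {
    openssl req -x509 -newkey "rsa:$1" -nodes -days 1 -subj "/CN=keylen-sample" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

# Usage: sh check_keylen.sh test4096.crt 4096
if [ $# -eq 2 ]; then
    check_cert "$1" "$2"
fi
```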
