Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, October 7, 2015 4:28 PM
Hello,
We have a CA that issues certifcate with 1024 key, we need to increase all certificates to 2048 key, it is posible?
How can we update our CA to only issue certificates with 2048 keys?
I will appreciate advices.
Best regards,
Manuel
Manuel´s Microsoft Forums Threads
All replies (1)
Thursday, October 8, 2015 12:36 AM ✅Answered | 1 vote
What kind of root CA do you have? If it is a standalone root ca, then it is up to the client to create and submit a request with a appropriate key size. There is no rule you can define for this, you just need to review any incoming request for the right key size before it is issued. If it is an Enterprise Root CA (meaning there is a Certificate Templates folder in the CA management tool), then the setting is on a per-template basis. Right click Certificate Templates, Manage and on the Cryptography tab change the Minimum keysize to a larger value. The V1 templates can not be changed and will not show a Cryptography tab. In that case you will need to start using a V2 or newer template with the correct keysize you want.
Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years. Connect with Mark at http://www.pkisolutions.com