FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments.  |

#6790 [RFE] Allow creating IPA CA with 4096-bit key.

Created a year ago by ftweedal
Modified 8 months ago

IPA CA is created with 2048-bit key and there is no way to override this
during installation.

Allow IPA to be deployed with 4096-bit key. Presumably, key size should be customisable within reasonable-for-today limits, e.g. {2048, 3072, 4096, 8192, 16384}. Exactly what should be allowed is up for discussion.

Being able to use ECC instead of RSA for the IPA CA cert would be nice too.

@bja there's already a ticket for that:

(They could be be tackled at the same time, modulo other stuff breaking/not supporting ECC).

Edited a year ago by ftweedal
a year ago

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to todo
- Issue set to the milestone: FreeIPA 4.7
- Issue tagged with: rfe

We might also consider making it default.

Login to comment on this ticket.