freeipa

FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments.  |  http://www.freeipa.org/

#6790 [RFE] Allow creating IPA CA with 4096-bit key.

Created 7 months ago by ftweedal
Modified 18 days ago

IPA CA is created with 2048-bit key and there is no way to override this
during installation.

Allow IPA to be deployed with 4096-bit key. Presumably, key size should be customisable within reasonable-for-today limits, e.g. {2048, 3072, 4096, 8192, 16384}. Exactly what should be allowed is up for discussion.

Being able to use ECC instead of RSA for the IPA CA cert would be nice too.

@bja there's already a ticket for that: https://pagure.io/freeipa/issue/3951

(They could be be tackled at the same time, modulo other stuff breaking/not supporting ECC).

Edited 7 months ago by ftweedal
7 months ago

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to todo
- Issue set to the milestone: FreeIPA 4.7
- Issue tagged with: rfe

We might also consider making it default.

Login to comment on this ticket.

todo

cancel