Is it possible?


#1

Hello, is it possible to generate a certificate with 4096 bit and sha256?


#2

Yes it is.

The size of the key associated with the certificate is a decision left to the client. The official client defaults to a 2048-bit RSA key, but you are free to specify another size with the --rsa-key-size option.

As for the hash algorithm, Let’s Encrypt already uses SHA-256, you have nothing to do.


#3

Note that the only RSA key sizes currently accepted by the Let’s Encrypt CA are 2048, 3072, and 4096 bits. (The client is capable of requesting a cert for a different key size, but the Let’s Encrypt CA won’t issue it.)


#4

Thank you for the info 🙂


#5

Actually, goodKeyRSA() only checks for 2048 >= keysize >= 4096 and divisibility by 8 or not divisible by some small prime numbers:

https://github.com/letsencrypt/boulder/blob/master/core/good_key.go#L183
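
A client-side pre-flight check along the lines post #5 describes (modulus size between 2048 and 4096 bits, size a multiple of 8, modulus not divisible by a small prime), as an added example that is not part of the original post and is not Boulder's code. `CheckRSAKey`, the error names and the prime list are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"errors"
	"fmt"
	"math/big"
)

var (
	ErrSize        = errors.New("modulus size outside 2048..4096 bits")
	ErrNotByteSize = errors.New("modulus size not a multiple of 8 bits")
	ErrSmallFactor = errors.New("modulus divisible by a small prime")
)

// Assumption: illustrative prime list; the thread does not say which primes are tested.
var smallPrimes = []int64{2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47}

// CheckRSAKey (hypothetical helper) applies the three checks described in post #5.
func CheckRSAKey(pub *rsa.PublicKey) error {
	bits := pub.N.BitLen()
	if bits < 2048 || bits > 4096 {
		return fmt.Errorf("%w: got %d", ErrSize, bits)
	}
	if bits%8 != 0 {
		return fmt.Errorf("%w: got %d", ErrNotByteSize, bits)
	}
	rem := new(big.Int)
	for _, p := range smallPrimes {
		if rem.Mod(pub.N, big.NewInt(p)).Sign() == 0 {
			return fmt.Errorf("%w: %d", ErrSmallFactor, p)
		}
	}
	return nil
}

func main() {
	key, err := rsa.GenerateKey(rand.Reader, 4096) // freshly generated sample key
	if err != nil {
		panic(err)
	}
	fmt.Println("4096-bit key:", CheckRSAKey(&key.PublicKey))

	// Constructed bad modulus: 2^2047 + 1 is 2048 bits long but divisible by 3.
	bad := new(big.Int).Add(new(big.Int).Lsh(big.NewInt(1), 2047), big.NewInt(1))
	fmt.Println("constructed modulus:", CheckRSAKey(&rsa.PublicKey{N: bad, E: 65537}))
}
```

Running the same check on the public key of a CSR before submitting it catches an unacceptable key locally rather than at issuance time.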


#6

@Osiris, thanks for the correction!