Is it possible?

waropatrik · April 30, 2016, 10:26am

Hello is it possible to generate certificate wtih 4096 bit and sha256?

gouttegd · April 30, 2016, 10:42am

Yes it is.

The size of the key associated with the certificate is a decision left to the client. The official client defaults to a 2048-bits RSA key, but you are free to specify another size with the --rsa-key-size option.

As for the hash algorithm, Let’s Encrypt already uses SHA-256, you have nothing to do.

schoen · April 30, 2016, 4:40pm

Note that the only RSA key sizes currently accepted by the Let’s Encrypt CA are 2048, 3072, and 4096 bits. (The client is capable of requesting a cert for a different key size, but the Let’s Encrypt CA won’t issue it.)

waropatrik · April 30, 2016, 4:53pm

Thank you for info

Osiris · April 30, 2016, 5:16pm

Actually, goodKeyRSA() only checks for 2048 >= keysize >= 4096 and divisibility by 8 or not divisible by some small prime numbers:

https://github.com/letsencrypt/boulder/blob/master/core/good_key.go#L183

schoen · April 30, 2016, 5:43pm

@Osiris, thanks for the correction!

Topic		Replies	Views
Rekeying a certificate? Help	16	1980	November 29, 2020
Private key size > 4096 - strange error message Issuance Tech	7	7130	January 8, 2016
Convert sha384 to sha256 Client dev	9	6405	April 2, 2017
Encryption Algorithm and key size Server	8	15384	May 10, 2017
Generate a 2048 bit CSR and Certificates with ZeroSSL Help	15	8838	June 8, 2017

Is it possible?

Related topics