Hello is it possible to generate certificate wtih 4096 bit and sha256?
Yes it is.
The size of the key associated with the certificate is a decision left to the client. The official client defaults to a 2048-bits RSA key, but you are free to specify another size with the --rsa-key-size
option.
As for the hash algorithm, Let’s Encrypt already uses SHA-256, you have nothing to do.
1 Like
Note that the only RSA key sizes currently accepted by the Let’s Encrypt CA are 2048, 3072, and 4096 bits. (The client is capable of requesting a cert for a different key size, but the Let’s Encrypt CA won’t issue it.)
1 Like
Thank you for info
Actually, goodKeyRSA()
only checks for 2048 >= keysize >= 4096 and divisibility by 8 or not divisible by some small prime numbers:
https://github.com/letsencrypt/boulder/blob/master/core/good_key.go#L183
2 Likes