× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Start a New Discussion

Announcements

Polls
What is your Experience with NETGEAR Insight cloud management?
Vote
Hide Results
Top Contributors
See All
0 Kudos

Allow higher bit CSR for setting up CA certificates XS748T

Status: New Idea Submitted by Aspirant on ‎2018-11-06 07:23 AM
Comment

(I actually have the 48 port model but that wasn't in the drop down list.)

 

I ran into a problem when trying to get a legitimate (as opposed to self-signed) CA certificate. The CSR that this switch generates is 1024 bit and my CA issuer requires 2048 bits minimum. I would like to request a larger range available for CSR generation so that I can get a good CA certificate for the switch.  This could be easily done with a drop down giving the user a choice between 1024, 2048, 4096 etc bits to use in the private key and CSR thusly generated. 

 

I have witnessed other infrastructure become slowly more difficult to access because modern browsers are demanding more stringent standards for the certificates they recognize; I have some PDU's that I literally have to run 2006-era Firefox browsers to get into these days. I don't want to have to deal with this in the future with the switches.  If these switches are to be primarily accessed via a web browser without some kind of ssh option, direct console access, or other secure alternative, this seems like an important issue.  Browsers are increasingly rejecting self-signed certificates as well.

 

Here's a link to my original question about this issue:

https://community.netgear.com/t5/Smart-Plus-Click-Switches/generating-certificates-with-GREATER-than...

 

Thank you for your consideration to this idea/request.

 

--Cindy

See more ideas labeled with: