Skip to content

Commit

Permalink
Support 8192-bit RSA keys in default cert profile
Browse files Browse the repository at this point in the history 
Update the caIPAserviceCert profile to accept 8192-bit RSA keys.
Affects new installs only, because there is not yet a facility to
update included profiles.

Fixes: https://pagure.io/freeipa/issue/6319
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
  • Loading branch information
@frasertweedale
frasertweedale authored and Tomas Krizek committed Mar 22, 2017
1 parent 3ea2834 commit 1530758
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion install/share/profiles/caIPAserviceCert.cfg
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ policyset.serverCertSet.2.default.params.startTime=0
policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl
policyset.serverCertSet.3.constraint.name=Key Constraint
policyset.serverCertSet.3.constraint.params.keyType=RSA
policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192
policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl
policyset.serverCertSet.3.default.name=Key Default
policyset.serverCertSet.4.constraint.class_id=noConstraintImpl
Expand Down

0 comments on commit 1530758

Please sign in to comment.