Symantec Critical System Protection support for 2048-bit certificates.
Article ID: 157976
Updated On:
Products
Critical System Protection
Issue/Introduction
Agents need to be checked for compatability with 2048-bit certificates.
Resolution
Support for 2048-bit keys was introduced in Openssl 0.9.7, and certificates of this type will therefore work with SCSP 5.2.4 and later. However, since SCSP 5.2.9, the keys will be generated with a SHA256 hash. This is not supported until Openssl 0.9.8. They will therefore not work on versions of SCSP prior to 5.2.6 in which Openssl 0.9.8n was introduced.
In order to create 2048-bit certificates on an SCSP 5.2.9 server to be compatible with SCSP 5.2.4 agents, you would need to add the following switch to the command lines mentioned below:
“-sigalg SHA1withRSA”.
| SCSP Version | 2048-bit cert support? | SHA256 support? | Default SHA version |
| 5.2.4.x | Yes | No | SHA1 |
| 5.2.5.x | Yes | No | SHA1 |
| 5.2.6.x | Yes | Yes | SHA1 |
| 5.2.7.x | Yes | Yes | SHA1 |
| 5.2.8.x | Yes | Yes | SHA1 |
| 5.2.9.x | Yes | Yes | SHA1 |
Feedback
Powered by
