Unable to import a 3072-bit CSR created with Certificate Manager into the certificate authority

Article ID: 375816


Products

VMware vCenter Server

Issue/Introduction

Unable to import a 3072-bit CSR created with Certificate Manager into the certificate authority.

Environment

VMware vSphere 8.0
VMware vCenter Server 8.0

Cause

In vSphere 8.0, the vSphere Certificate Manager only generates CSRs with a minimum key length of 3072 bits. vCenter Server still accepts custom certificates with a key length of 2048 bits.

Resolution

If using vCenter 8.0 Update 1 or later, you can use the vSphere Client to generate a CSR with a key length of 2048 bits. Otherwise, perform the steps below to create the CSR on the command line:

1. SSH to the vCenter and create a CSR with this OpenSSL command:

    openssl req -newkey rsa:2048 -keyout private.key -out vcenter-name.csr

2. Download the CSR file using tools like WinSCP from the directory where you ran the OpenSSL command.

3. Submit the 2048-bit CSR to the certificate authority.
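Before submitting, it is worth confirming that the file really is a 2048-bit CSR with a valid self-signature. The script below is an added example, not part of the original article or VMware tooling; the function names, the sample subject and the sample file names are hypothetical, and it assumes the `openssl` CLI is on the PATH.

```sh
#!/bin/sh
# Added example: pre-submission check for a CSR (not from the KB article).
# Assumes the openssl CLI is on PATH; function names are hypothetical.

# Print the public-key size in bits of a PEM CSR (empty if unparsable).
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed only if the CSR parses, its self-signature verifies, and its key
# size equals the size the CA accepts (2048 in the article's scenario).
# usage: check_csr <csr-file> <expected-bits>
check_csr() {
    _csr=$1 _want=$2
    # Match the message rather than trust the exit status, which some
    # OpenSSL releases leave at 0 when verification fails.
    if ! openssl req -in "$_csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: $_csr is not a CSR with a valid self-signature" >&2
        return 2
    fi
    _bits=$(csr_key_bits "$_csr")
    if [ "$_bits" != "$_want" ]; then
        echo "FAIL: key is ${_bits:-unknown} bits, CA expects $_want" >&2
        return 1
    fi
    echo "OK: $_csr has a $_bits-bit key and a valid self-signature"
}

# Constructed sample input: a throwaway CSR with an unencrypted key and a
# made-up subject, for exercising check_csr without touching real keys.
make_sample_csr() {   # usage: make_sample_csr <dir> <bits>
    openssl req -newkey "rsa:$2" -nodes -subj "/CN=vcenter.example.test" \
        -keyout "$1/sample-$2.key" -out "$1/sample-$2.csr" 2>/dev/null
}

# Run as a script:  sh check-csr.sh vcenter-name.csr 2048
if [ "$#" -eq 2 ]; then
    check_csr "$1" "$2"
fi
```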
