ebekker / ACMESharp

An ACME client library and PowerShell client for the .NET platform (Let's Encrypt)
https://pkisharp.github.io/ACMESharp-docs/

Unable to request 4096 RSA Key #336

Open daveyyoung opened 6 years ago

daveyyoung commented 6 years ago

Awesome project, I'm using your PowerShell module with good results for SAN certs...

Following on from this thread:

https://github.com/PKISharp/win-acme/issues/29#issuecomment-369824030

It would be great to be able to up the key size from the default 2048 to 4096 for increased security.

Cheers,

D

Macharius92 commented 5 years ago

Hi,

I'm using this awesome tool too! Any news about allowing a 4096 encryption strength?

ebekker commented 5 years ago

Unfortunately, out of the box, the in-built private key generator is fixed at 2048-bit. However, if you use an external tool, such as this one to generate a private key in PEM format first, you can specify the key length on it, then input that into the New-ACMECertificate cmdlet with the -KeyPemFile parameter.

ebekker commented 5 years ago

If someone would like to get their feet wet enhancing the module to support input key length, this is a good feature request to do that with. Here's a hint: the small changes that would be needed would be done here and here.

Macharius92 commented 5 years ago

Any chance you review the PR? I would love to give a try to a new version to generate a certificate with a 4096-bit key.

ebekker commented 5 years ago

The PR has been merged and new versions of PWSH modules rebuilt. Can you test the pre-release versions to make sure it works for you: https://www.myget.org/gallery/acmesharp-posh-staging

If you confirm, I'll publish to the gallery, thanks!

Macharius92 commented 5 years ago

Just tested it and it works like a charm! I used the -NumBits4096 flag when calling the New-Certificate cmdlet and I now have a certificate signed with a 4096-bit key.

Macharius92 commented 5 years ago

@daveyyoung have you tried the pre-release version? Can you give feedback so @ebekker will be able to push it to the gallery for everyone ;)

daveyyoung commented 5 years ago

Hey @Macharius92, just tested there with a SAN certificate and the -NumBits4096 parameter. Worked effortlessly, thanks to you both for the development!
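
Whichever route from this thread is used (an externally generated key passed with -KeyPemFile, or the -NumBits4096 switch), the key size of the issued certificate can be checked directly. The following is an added example, not part of the original thread and not ACMESharp code. The function name `Test-CertificateKeySize` and the sample file names are hypothetical, and the constructed sample section assumes PowerShell 7 or Windows PowerShell on .NET Framework 4.7.2 or later.

```powershell
# Added example, not ACMESharp code. Reports the RSA public key size of a
# certificate file and flags keys below a minimum (4096 here, per this thread).
function Test-CertificateKeySize {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string]$Path,
        [int]$MinimumBits = 4096
    )
    process {
        $file = (Resolve-Path -LiteralPath $Path).ProviderPath
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
        # Returns $null when the certificate's public key is not RSA (for example ECDSA).
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        try {
            [pscustomobject]@{
                Path         = $file
                Subject      = $cert.Subject
                IsRsa        = $null -ne $rsa
                KeyBits      = if ($rsa) { $rsa.KeySize } else { $null }
                MeetsMinimum = ($null -ne $rsa) -and ($rsa.KeySize -ge $MinimumBits)
            }
        }
        finally {
            if ($rsa) { $rsa.Dispose() }
            $cert.Dispose()
        }
    }
}

# Constructed sample input: two throwaway self-signed certificates (not issued
# by any CA), written to the temp directory so the check has files to read.
$paths = foreach ($bits in 2048, 4096) {
    $key = [System.Security.Cryptography.RSA]::Create($bits)
    $req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
        "CN=sample-$bits.example.test", $key,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
    $now = [DateTimeOffset]::UtcNow
    $crt = $req.CreateSelfSigned($now, $now.AddDays(1))
    $out = Join-Path ([IO.Path]::GetTempPath()) "sample-$bits.cer"
    [IO.File]::WriteAllBytes($out, $crt.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))
    $crt.Dispose(); $key.Dispose()
    $out
}
$paths | Test-CertificateKeySize | Format-Table Subject, KeyBits, MeetsMinimum
```

To check a real certificate, pass the path of the exported certificate file (DER or PEM encoded) to the function instead of the constructed samples.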