2048 bit private RSA key?

Marc Storck
New member
Username: Mstorck

Post Number: 1
Registered: 04-2010
Posted on Friday, April 16, 2010 - 11:11 am:   

My SSL Certificate supplier requires that my private key size is at least 2048 bit. NowSMS seems to generate keys with a key size of 1024 bit by default. How can I change this behavior?

Regards, Marc
Bryce Norwood - NowSMS Support
Board Administrator
Username: Bryce

Post Number: 7906
Registered: 10-2002
Posted on Friday, April 16, 2010 - 04:41 pm:   

Hi Marc,

In the last 6 months, it does appear that most certificate authorities have made a switch to requiring 2048-bit private keys.

This is because it is believed that increased computing power will make the commonly used 1024-bit keys possible to break by 2011. There is a side effect that some old web browsers don't support > 1024 bit keys. I can't find a good reference that tells me which versions of which browsers, but this is something to keep in mind.

We've rebuilt the NowSMS SSL library to generate 2048 bit keys when generating a new certificate signing request (CSR). An update can be downloaded at http://www.nowsms.com/download/smsssl.zip. (Note: This is the same download link that you were referred to yesterday. Make sure the SMSSSL.DLL file inside this zip is dated 16-April-2009. If it is not, clear your browser cache and download again.)

Stop the NowSMS services and exit NowSMS. Replace the existing SMSSSL.DLL in the Program Files\NowSMS directory with this version. Then choose the option in NowSMS to generate a new server certificate.

Unfortunately, the change to 2048 bit key requirements will cause problems for renewals for customers that already have an SSL certificate signed by a certificate authority (CA).

When your renewal time comes up, many CAs will not renew your certificate until you switch to a 2048 bit key.

However, if you generate a new server certificate request with NowSMS, this forces the existing certificate to be immediately invalidated, which may cause problems for existing clients during the certificate renewal process. (This problem is not specific to NowSMS ... many web server administrators are facing similar problems.)

If you face this renewal issue with NowSMS, here is what you should do.

Locate and back up the following NowSMS files (in either Program Files\NowSMS for Windows XP/2003 or ProgramData\NowSMS for Windows Vista/7/2008):

SSL.CRT
SSL.CSR
SSL.CA
SSL.INI
SSL.KEY

On the "SSL/TLS" page of NowSMS, select the option to "Generate Server Certificate".

You will be warned that doing this will invalidate your existing certificate. If you have backed up the files that I mentioned above, select "Yes" to continue.

After the new certificate signing request has been generated, copy the new versions of SSL.CRT, SSL.CSR, SSL.INI and SSL.KEY to a different location for backup. (Note: There will not be an SSL.CA file as this file will not exist until you get your signed certificate back from the CA.)

Put the old backup copies of these files (including SSL.CA) back in the appropriate NowSMS directory.

Use the new SSL.CSR to request a signed certificate from your CA. When you get the signed certificate back from the CA, save it as SSL.CA. Now copy the new version of these files, including SSL.CA to the appropriate NowSMS directory and restart the NowSMS services.

-bn
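
Added example, not part of the posts above and not NowSMS code: a shell check to run on a file set before copying it into the NowSMS directory, confirming that the new SSL.CSR carries a key of at least 2048 bits and that SSL.KEY, SSL.CSR and (once issued) SSL.CA all hold the same RSA key. It assumes the files are PEM-encoded with an unencrypted RSA key and that the `openssl` command-line tool is installed; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not NowSMS code. Assumes SSL.KEY, SSL.CSR and SSL.CA are PEM
# files (unencrypted RSA key, PKCS#10 request, X.509 certificate) and that
# the openssl command-line tool is installed.

# Print "Modulus=<hex>" for one file. $1 = key|csr|cert, $2 = path.
modulus_of() {
    case "$1" in
        key)  openssl rsa  -in "$2" -noout -modulus 2>/dev/null ;;
        csr)  openssl req  -in "$2" -noout -modulus 2>/dev/null ;;
        cert) openssl x509 -in "$2" -noout -modulus 2>/dev/null ;;
        *)    return 2 ;;
    esac
}

# Print the public key size in bits recorded in a signing request.
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeed only if the request's key has at least $2 bits (default 2048).
csr_meets_minimum() {
    bits=$(csr_key_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge "${2:-2048}" ]
}

# Succeed only if two files carry the same RSA modulus (kind path kind path).
same_modulus() {
    a=$(modulus_of "$1" "$2") || return 1
    b=$(modulus_of "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Check one directory holding a file set before it is copied into place.
check_set() {
    csr_meets_minimum "$1/SSL.CSR" ||
        { echo "SSL.CSR: key below 2048 bits or unreadable"; return 1; }
    same_modulus key "$1/SSL.KEY" csr "$1/SSL.CSR" ||
        { echo "SSL.KEY does not match SSL.CSR"; return 1; }
    if [ -f "$1/SSL.CA" ]; then
        same_modulus key "$1/SSL.KEY" cert "$1/SSL.CA" ||
            { echo "SSL.CA was not issued for this SSL.KEY"; return 1; }
    fi
    echo "$1: file set is consistent"
}

if [ "$#" -gt 0 ]; then check_set "$1"; fi
```

Run it with the backup directory as its argument, once on the new set before sending SSL.CSR to the CA and again after saving the signed certificate as SSL.CA.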