4096bit key support

Hi,

Does Certify the Web support 4096bit keys?
I know Let’s Encrypt does, but I can’t seem to find the possibility in this application.

Hi, I assume you are referring to CSR signing keys (there’s a few other keys involved in the overall process) - we currently use the Certes library and so we’re limited to the ones it supports. Regarding RSA key strength there is an outstanding issue in Certes: https://github.com/fszlin/certes/issues/171

Also: https://github.com/fszlin/certes/issues/24

I know it’s an old topic, but it’s the only one I can find about 4096 bit keys. I can’t find an option in the latest version of Certify to set up the bits. Is it possible in some way?

Hi, currently this is a limitation in the Certes ACME library that we use. I’ve done some work towards supporting this but as it’s not regularly requested it hasn’t really bubbled to the top of the priorities, I’m sure it will eventually though.

As a workaround you can use your own CSR: under your managed certificate settings, go to Certificate > Advanced > Signing & Security > Choose Custom CSR. An alternative is to use an ECDSA key but it depends on your use case (our UI allows P-521 but LE don’t actually support that level).

Any CSR you generate has to set the common name to your primary subject domain and subject alternative names to your primary subject domain plus any other domains you want to include in the request. The app will then read these from the CSR and populate the domains required for challenge validation.
