How to force IOS PKI Server to use 2048 and not 1024
I am using my AAP to work on Cristian Matei’s “CCIE Security V4 Lab Preparation”.
On Chapter “IKEv1 with PKI” at 31:52.
I am doing it a little differently, so please bear with me; I am using enrollment self-signed for root and terminal for identity.
I want to use 2048 and not 1024 for RSA keys.
However, every time I build my “crypto pki server R7” it always builds 1024:
“% Generating 1024 bit RSA keys, keys will be non-exportable with redundancy…”
In the “crypto pki trustpoint R7” I reference a set of keys I made “rsakeypair R7” with 2048
“crypto key generate rsa general-keys label R7 modulus 2048 exportable”
But no luck, the server drops down to 1024.
On the other routers, I need to make the keys 1024 and not 2048 for the CA’s trustpoint, which makes sense.
If I make the keys 2048, I get this error “% You must authenticate the Certificate Authority before you can import the router's certificate.”
But when I make a set of keys with 1024, and reference these keys in the trust point, it all works fine.
Anybody know how or if I can get my PKI test lab up to 2048?
Looks like the “long pole in the tent” is my method of building the PKI server.
crypto pki trustpoint R7
subject-name CN=R7, ou=Matt, o=Butcher, l=Baltimore, st=MD, c=US, [email protected]