Differences

This shows you the differences between two versions of the page.

en:services:it_security:pki:start [2020/06/24 17:10]
thinder [Certificate pick up]
en:services:it_security:pki:start [2020/07/29 16:47] (current)
thinder [GWDG] Key length increased from 2048 to 4096.
Line 40: Line 40:
 </​WRAP>​ </​WRAP>​
  
-According to the following, as described in [[https://​www.gwdg.de/​documents/​20182/​27257/​GN_8-9-2019_www.pdf#page=4|GN 08-09|19]] (currently only in German) in the paragraph "Der neue Beantragungsweg",​ the path to the new application pages is described, this will change from Fig. 2 there as described in the following.+According to the following, as described in [[https://​www.gwdg.de/​documents/​20182/​27257/​GN_4-5-2020_www.pdf#page=26|GN 04-05|20]] (currently only in German) in the paragraph "Der neue Beantragungsweg",​ the path to the new application pages is described, this will change from Fig. 2 there as described in the following.
  
 {{:​en:​services:​it_security:​pki:​email_1.1_nachtrag_01_en.png?​800|There are now two larger buttons. To apply, click the "Apply for a new user certificate"​ button.}} {{:​en:​services:​it_security:​pki:​email_1.1_nachtrag_01_en.png?​800|There are now two larger buttons. To apply, click the "Apply for a new user certificate"​ button.}}
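Review bot: In the changed sentence only the link target moved to GN 04-05|20 (page 26), while the paragraph title "Der neue Beantragungsweg" and the reference to "Fig. 2 there" were carried over unchanged from the GN 08-09|19 wording; confirm both still exist in the new issue, or update them. The sentence ("According to the following, as described in ... is described") would also read better split in two: one pointing to the article, one saying that the screenshots below supersede its Fig. 2.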
Line 103: Line 103:
  
 <WRAP center round info 60%> <WRAP center round info 60%>
-For further steps and detailed instructions on the installation of the certificate in various email clients, read the information in the following documents:+For further steps and detailed instructions on how to install and use the certificate in different e-mail ​clients, ​please ​read the following documents:
  
 E-Mail-Verschlüsselung mit X.509-Zertifikaten E-Mail-Verschlüsselung mit X.509-Zertifikaten
Line 109: Line 109:
   - [[https://​www.gwdg.de/​documents/​20182/​27257/​GN_1-2-2020_www.pdf#​page=14|GWDG Nachrichten 1-2|20]] - Teil 2: Installation und Verteilung von Zertifikaten   - [[https://​www.gwdg.de/​documents/​20182/​27257/​GN_1-2-2020_www.pdf#​page=14|GWDG Nachrichten 1-2|20]] - Teil 2: Installation und Verteilung von Zertifikaten
   - [[https://​www.gwdg.de/​documents/​20182/​27257/​GN_3-2020_www.pdf#​page=6|GWDG Nachrichten 3|20]] - Teil 3: Outlook-E-Mail-Anwendungen   - [[https://​www.gwdg.de/​documents/​20182/​27257/​GN_3-2020_www.pdf#​page=6|GWDG Nachrichten 3|20]] - Teil 3: Outlook-E-Mail-Anwendungen
 +  - [[https://​www.gwdg.de/​documents/​20182/​27257/​GN_4-5-2020_www.pdf#​page=26|GWDG Nachrichten 4-5|20]] - Überarbeitung des neuen Beantragungsweges für Nutzerzertifikate in der DFN-PKI
 +
  
 <WRAP center round important 60%> <WRAP center round important 60%>
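Review bot: The added list entry points to the same PDF and page as the GN 04-05|20 link changed earlier in this revision, but labels it "GWDG Nachrichten 4-5|20"; use one label form for the same document. The entry also drops the "Teil N:" prefix that the two entries above it carry, so state whether it is a further part of the series or a separate article. The empty line added after it can go.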
Line 167: Line 169:
 ==== Unix/OS X ==== ==== Unix/OS X ====
 Simple Bash script... Simple Bash script...
-<code bash createcsr.sh>​openssl req -newkey rsa:2048 -sha256 -keyout priv-key.pem -out certreq.pem</​code>​+<code bash createcsr.sh>​openssl req -newkey rsa:4096 -sha256 -keyout priv-key.pem -out certreq.pem</​code>​
   * Download createscr.sh script.   * Download createscr.sh script.
   * Change flags with <code bash>​chmod 744 createcsr.sh</​code>​   * Change flags with <code bash>​chmod 744 createcsr.sh</​code>​
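Review bot: The context line directly under the changed command still reads "Download createscr.sh script." while the code tag and the chmod line both name the file createcsr.sh; fix the spelling in the same edit so readers look for the right file. Since this variant has no -nodes, openssl req will prompt for a passphrase to encrypt priv-key.pem, which deserves one sentence in the steps.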
Line 174: Line 176:
 ==== Windows ==== ==== Windows ====
 Simple PowerShell script... Simple PowerShell script...
-<code powershell createcsr.ps1>​openssl req -newkey rsa:2048 -sha256 -keyout priv-key.pem -out certreq.pem</​code>​+<code powershell createcsr.ps1>​openssl req -newkey rsa:4096 -sha256 -keyout priv-key.pem -out certreq.pem</​code>​
 Simple Batch script... Simple Batch script...
-<code powershell createcsr.bat>​openssl req -newkey rsa:2048 -sha256 -keyout priv-key.pem -out certreq.pem</​code>​+<code powershell createcsr.bat>​openssl req -newkey rsa:4096 -sha256 -keyout priv-key.pem -out certreq.pem</​code>​
  
 After that, proceed with the [[#​select_a_registration_authority_ra|Select a Registration Authority (RA)]] and upload the Certificate Signing Request (CSR) file in the offered web form of your institution,​ that you can reach by clicking on "​upload for Servers"​. After that, proceed with the [[#​select_a_registration_authority_ra|Select a Registration Authority (RA)]] and upload the Certificate Signing Request (CSR) file in the offered web form of your institution,​ that you can reach by clicking on "​upload for Servers"​.
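Review bot: The batch variant is declared as code powershell createcsr.bat, so a .bat file is highlighted and labelled as PowerShell; give it the wiki's batch language tag instead. The PowerShell and batch bodies are the same one-line command, so a single block with a note that it works in both shells would also avoid updating the key size in two places next time.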
Line 185: Line 187:
 ==== Unix/OS X ==== ==== Unix/OS X ====
 Simple Bash script... Simple Bash script...
-<code bash createcsr.sh>​openssl req -config example.cnf -newkey rsa:2048 -sha256 -nodes -keyout example.key -out example-csr.pem</​code>​+<code bash createcsr.sh>​openssl req -config example.cnf -newkey rsa:4096 -sha256 -nodes -keyout example.key -out example-csr.pem</​code>​
   * Download createscr.sh script.   * Download createscr.sh script.
   * Change flags with <code bash>​chmod 744 createcsr.sh</​code>​   * Change flags with <code bash>​chmod 744 createcsr.sh</​code>​
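Review bot: This command keeps -nodes, so example.key is written unencrypted, yet the only permission step listed is chmod 744 on the script. Add a step that restricts the key file to its owner, for example umask 077 before the call or chmod 600 example.key after it.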
Line 192: Line 194:
 ==== Windows ==== ==== Windows ====
 Simple PowerShell script... Simple PowerShell script...
-<code powershell createcsr.ps1>​openssl req -config example.cnf -newkey rsa:2048 -sha256 -nodes -keyout example.key -out example-csr.pem</​code>​+<code powershell createcsr.ps1>​openssl req -config example.cnf -newkey rsa:4096 -sha256 -nodes -keyout example.key -out example-csr.pem</​code>​
 Simple Batch script... Simple Batch script...
-<code powershell createcsr.bat>​openssl req -config example.cnf -newkey rsa:2048 -sha256 -nodes -keyout example.key -out example-csr.pem</​code>​+<code powershell createcsr.bat>​openssl req -config example.cnf -newkey rsa:4096 -sha256 -nodes -keyout example.key -out example-csr.pem</​code>​
  
 After that, proceed with the [[#​select_a_registration_authority_ra|Select a Registration Authority (RA)]] and upload the Certificate Signing Request (CSR) file in the offered web form of your institution,​ that you can reach by clicking on "​upload for Servers"​. After that, proceed with the [[#​select_a_registration_authority_ra|Select a Registration Authority (RA)]] and upload the Certificate Signing Request (CSR) file in the offered web form of your institution,​ that you can reach by clicking on "​upload for Servers"​.
Line 208: Line 210:
 ####################################################################​ ####################################################################​
 [ req ] [ req ]
-default_bits ​       = 2048+default_bits ​       = 4096
 default_keyfile ​    = example.key default_keyfile ​    = example.key
 distinguished_name ​ = server_distinguished_name distinguished_name ​ = server_distinguished_name
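Review bot: default_bits = 4096 now duplicates the size given on the command line: the scripts call openssl req with -newkey rsa:4096, which takes precedence, and default_bits is only read when -newkey rsa is given without a size. Add a comment next to default_bits saying so, otherwise the two values can drift apart at the next change. The same line is changed in two more copies of this [ req ] section further down, so the comment belongs in each.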
Line 260: Line 262:
 ####################################################################​ ####################################################################​
 [ req ] [ req ]
-default_bits ​       = 2048+default_bits ​       = 4096
 default_keyfile ​    = example.key default_keyfile ​    = example.key
 distinguished_name ​ = server_distinguished_name distinguished_name ​ = server_distinguished_name
Line 309: Line 311:
 ####################################################################​ ####################################################################​
 [ req ] [ req ]
-default_bits ​       = 2048+default_bits ​       = 4096
 default_keyfile ​    = example.key default_keyfile ​    = example.key
 distinguished_name ​ = server_distinguished_name distinguished_name ​ = server_distinguished_name