About the E4_sslkey_2048 Patch
This patch causes the system to use a 2048-bit SSL host key instead of the default 1024-bit host key.
2048-bit keys are required by some certificate authorities.
Installing the Patch
To install this patch, follow these steps:
-
Use a ssh or telnet client to connect to the administration command-line
interface on your Mirapoint system.
-
Log in as an administrator.
-
Get your current system software version:
version
If the version reported is a 4.0, 4.1, 4.2, or 4.3 version, then you can install this patch.
-
Install the E4_sslkey_2048.mpu5 patch:
update install ftp://ftp.mirapoint.com/pub/mert/E4_sslkey_2048
Always check the system log for important messages after
performing an update -- whether it fails or succeeds.
NOTE: Installing this patch does not restart any services nor does it reboot the system.
This patch can be uninstalled to revert to the previous functionality. Uninstallation also does not restart any services nor does it reboot the system.
Generating new keys
The host key must be regenerated (eg. with 'ssl newcert') after installing the patch to get a 2048-bit host key.
This can be done using the following steps.
-
Prior to issuing 'ssl newcert' you should save the current certificates by issuing getcert for each interface.
ssl getcert <interface>
-
Include your intermediate certificates if required.
ssl getintca <interface>
-
Once you have saved your current certificates you can issue newcert NB: check protocol manual for newcert syntax
ssl newcert <interface>
-
You can now get the new CSR with
ssl getcsr <interface>
-
You will need to run getcert again to obtain the private key for use with the 2048 bit keys when they are available.
ssl getcert <interface>
-
You can then reinstall your old certificates with
ssl setcert <interface>
-
Include your intermediate certificates if required.
ssl setintca <interface>