About the E4_sslkey_2048 Patch

This patch causes the system to use a 2048-bit SSL host key instead of the default 1024-bit host key.
2048-bit keys are required by some certificate authorities.

Installing the Patch

To install this patch, follow these steps:

1. Use a ssh or telnet client to connect to the administration command-line interface on your Mirapoint system.


2. Log in as an administrator.


3. Get your current system software version:
   
   

   version
   
   

   If the version reported is a 4.0, 4.1, 4.2, or 4.3 version, then you can install this patch.


4. Install the E4_sslkey_2048.mpu5 patch:
   
   

   update install ftp://ftp.mirapoint.com/pub/mert/E4_sslkey_2048

   
   

NOTE: Installing this patch does not restart any services nor does it reboot the system.
This patch can be uninstalled to revert to the previous functionality. Uninstallation also does not restart any services nor does it reboot the system.

Generating new keys

The host key must be regenerated (eg. with 'ssl newcert') after installing the patch to get a 2048-bit host key.
This can be done using the following steps.

1. Prior to issuing 'ssl newcert' you should save the current certificates by issuing getcert for each interface.
   
   

   ssl getcert <interface>
   
   

2. Include your intermediate certificates if required.
   
   

   ssl getintca <interface>
   
   

3. Once you have saved your current certificates you can issue newcert NB: check protocol manual for newcert syntax
   
   

   ssl newcert <interface>
   
   

4. You can now get the new CSR with
   
   

   ssl getcsr <interface>
   
   

5. You will need to run getcert again to obtain the private key for use with the 2048 bit keys when they are available.
   
   

   ssl getcert <interface>
   
   

6. You can then reinstall your old certificates with
   
   

   ssl setcert <interface>
   
   

7. Include your intermediate certificates if required.
   
   

   ssl setintca <interface>