About the E4_sslkey_2048 Patch

This patch causes the system to use a 2048-bit SSL host key instead of the default 1024-bit host key.
2048-bit keys are required by some certificate authorities.

Installing the Patch

To install this patch, follow these steps:

  1. Use an ssh or telnet client to connect to the administration command-line interface on your Mirapoint system.

  2. Log in as an administrator.

  3. Get your current system software version:

    version

    If the version reported is a 4.0, 4.1, 4.2, or 4.3 version, then you can install this patch.

  4. Install the E4_sslkey_2048.mpu5 patch:

    update install ftp://ftp.mirapoint.com/pub/mert/E4_sslkey_2048

Always check the system log for important messages after performing an update -- whether it fails or succeeds.


NOTE: Installing this patch does not restart any services nor does it reboot the system.
This patch can be uninstalled to revert to the previous functionality. Uninstallation also does not restart any services nor does it reboot the system.

Generating new keys

The host key must be regenerated (e.g., with 'ssl newcert') after installing the patch to get a 2048-bit host key.
This can be done using the following steps.

  1. Prior to issuing 'ssl newcert' you should save the current certificates by issuing getcert for each interface.

    ssl getcert <interface>

  2. Include your intermediate certificates if required.

    ssl getintca <interface>

  3. Once you have saved your current certificates, you can issue newcert. NB: check the protocol manual for newcert syntax.

    ssl newcert <interface>

  4. You can now get the new CSR with

    ssl getcsr <interface>

  5. You will need to run getcert again to obtain the private key for use with the 2048-bit keys when they are available.

    ssl getcert <interface>

  6. You can then reinstall your old certificates with

    ssl setcert <interface>

  7. Include your intermediate certificates if required.

    ssl setintca <interface>
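
A check to run on your workstation before sending the CSR from step 4 to the certificate authority, confirming that the regenerated host key really is 2048 bits. This is an added example, not Mirapoint code: it assumes the 'ssl getcsr' output was saved to a file as a PEM PKCS#10 request with an RSA key, and it reads the key size with a small hand-written DER walker using only the Python standard library.

```python
import base64
import re
import sys

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, content_start, content_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def children(buf, start, end):
    """Return (tag, start, end) for each element directly inside a constructed value."""
    out = []
    while start < end:
        tag, s, e = read_tlv(buf, start)
        out.append((tag, s, e))
        start = e
    return out

def csr_rsa_bits(pem_text):
    """Return the RSA modulus size, in bits, of the key in a PEM PKCS#10 CSR."""
    m = re.search(r"-----BEGIN (?:NEW )?CERTIFICATE REQUEST-----(.*?)-----END", pem_text, re.S)
    if not m:
        raise ValueError("no PEM certificate request found")
    der = base64.b64decode("".join(m.group(1).split()))
    _, s, e = read_tlv(der, 0)                    # CertificationRequest
    _, s, e = children(der, s, e)[0]              # CertificationRequestInfo
    _, s, e = children(der, s, e)[2]              # version, subject, subjectPKInfo
    alg, key_bits = children(der, s, e)[:2]       # AlgorithmIdentifier, BIT STRING
    oid = children(der, alg[1], alg[2])[0]
    if der[oid[1]:oid[2]] != RSA_OID:
        raise ValueError("public key is not RSA")
    _, s, e = read_tlv(der, key_bits[1] + 1)      # skip the unused-bits byte
    _, ms, me = children(der, s, e)[0]            # modulus INTEGER
    return int.from_bytes(der[ms:me], "big").bit_length()

if __name__ == "__main__":
    # The script and CSR file names are assumptions; pass the file you saved the CSR to.
    if len(sys.argv) != 2:
        sys.exit("usage: check_csr.py <csr.pem>")
    bits = csr_rsa_bits(open(sys.argv[1]).read())
    print(f"host key in CSR: {bits} bits")
    sys.exit(0 if bits >= 2048 else 1)
```

A result of 1024 means the CSR was generated from the old host key, so the patch or the 'ssl newcert' step did not take effect for that interface.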