I'd go with 2048 RSA key length, and put the certificate subject straight in the... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

tilsammans on Aug 13, 2014 | parent | context | favorite | on: Know How To Roll Your SSL Certificates

I'd go with 2048 RSA key length, and put the certificate subject straight in the command line:

  openssl req -nodes -newkey rsa:2048 -keyout www.example.com.2014.key -out www.example.com.2014.csr -subj "/C=COUNTRY/ST=STATE/L=CITY/O=COMPANY/OU=/CN=www.example.com"

I have exactly this in an Ansible playbook https://github.com/tilsammans/playbook (for rails).

zrail on Aug 13, 2014 [–]

The `genrsa` command is generating 2048 bit keys already. I added `-sha256` and `-utf8` based on some other feedback, though. Thanks!

AlyssaRowan on Aug 14, 2014 | [–]

The "default" in many configs is still actually 1024 bits, which is of course too small.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact