You can specify the required key size in certificate request, this template setting for CA makes little sense since you generate keys on your (client) side and only submit it to CA for signing. Just specify desired key size when generating request.
Subordinate Certification Authority template increase minimum key size
Hi,
I have a two tiered on-premise PKI. Offline root and issuing subordinate CAs. I need to generate TLS proxy certificate for HTTPS inspection. I created a new certificate template by duplicating Subordinate Certification Authority. I see that by default attribute msPKI-Minimal-Key-Size for this template is set to 1024. I would like to increase it to 2048. There is no Cryptography tab in template settings so I cannot enforce minimum key size. Is there any way to override this setting?
1 additional answer
Sort by: Most helpful
-
Limitless Technology 39,336 Reputation points
2021-10-18T09:20:26.2+00:00 Hello @bartn92 ,
Thank you for your question.
Some recommendations below for you:
1) I never recommend using pre-installed templates. Even if the template is ok, I recommend duplicating it with the same settings, updating the key length and adding a corporate branding to the template. This can be useful for further debugging and comparing to standard models
2) You can try running the "certutil -InstallDefaultTemplates" command
I recommend that you also consult the topic below which deals with a problem similar to yours, I believe it may be useful:
If the answer is helpful, please vote positively and accept as an answer.