RSA bit size Compatibility in a Two-Tier PKI.

Sam Na 46 Reputation points
2022-03-14T01:16:18.977+00:00

Hi,

Can the Root CA RSA key be 4096 bits but the Issuing CAs be 2048 bits, or vice versa?

A similar question about Web Server user/machine certs with 2048-bit RSA where the Issuing CA is set to 4096.

Just want to make sure different size RSAs in the environment can't cause issues.


2 answers

  1. risolis 8,741 Reputation points
    2022-03-14T02:13:38.007+00:00

    Hello @Sam Na

    This article can give you a better idea when choosing your setting size as well as how to avoid further troubles. See below:

    https://datatracker.ietf.org/doc/rfc8017/

    Regards


  2. Vadims Podāns 9,186 Reputation points MVP
    2022-03-14T07:36:52.94+00:00

    > Can Root CA RSA be 4096bits but the Issuing CAs be 2048bit or vice versa.

    Yes.

    > A similar question about Web Server user/machine certs with 2048bit RSA where the Issuing CA is set to 4096.

    Yes.

    > Just want to make sure different size RSAs in the environment cant cause issues.

    In most cases there should not be issues. However, issues may arise if some legacy or badly written custom application doesn't support 4k RSA keys.

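A lab check of the point made in the answers above, added here as an example and not part of the original thread: it builds a throwaway root, issuing CA and leaf with the OpenSSL CLI at independent RSA sizes per tier and validates the chain in both directions. The subjects, file names and the `key_bits`, `issue` and `check_chain` helpers are constructed for the demo, and a standard OpenSSL install with its default configuration file is assumed.

```shell
#!/bin/sh
# Added example: each certificate is signed with the issuer's key, while the
# subject's own key is only data inside it, so tier sizes are independent.
# Subjects and file names below are constructed for this demo.

key_bits() {  # print the RSA modulus size recorded in a certificate
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

issue() {  # issue NAME BITS EXTFILE SERIAL SIGNER (SIGNER = NAME means self-signed)
    openssl genrsa -out "$d/$1.key" "$2" 2>/dev/null || return 1
    openssl req -new -key "$d/$1.key" -subj "/CN=Demo $1" -out "$d/$1.csr" || return 1
    if [ "$5" = "$1" ]; then
        openssl x509 -req -in "$d/$1.csr" -signkey "$d/$1.key" -extfile "$d/$3" \
            -set_serial "$4" -days 2 -sha256 -out "$d/$1.crt" 2>/dev/null
    else
        openssl x509 -req -in "$d/$1.csr" -CA "$d/$5.crt" -CAkey "$d/$5.key" \
            -extfile "$d/$3" -set_serial "$4" -days 2 -sha256 -out "$d/$1.crt" 2>/dev/null
    fi
}

check_chain() {  # check_chain ROOT_BITS ISSUING_BITS LEAF_BITS
    d=$(mktemp -d) || return 2
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
    printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature,keyEncipherment\n' > "$d/ee.ext"
    issue root "$1" ca.ext 1 root &&
    issue issuing "$2" ca.ext 2 root &&
    issue leaf "$3" ee.ext 3 issuing || { rm -rf "$d"; return 2; }
    if openssl verify -CAfile "$d/root.crt" -untrusted "$d/issuing.crt" "$d/leaf.crt" >/dev/null 2>&1
    then result=OK; else result=FAIL; fi
    echo "root=$(key_bits "$d/root.crt") issuing=$(key_bits "$d/issuing.crt") leaf=$(key_bits "$d/leaf.crt") verify=$result"
    rm -rf "$d"
    [ "$result" = OK ]
}

check_chain 4096 2048 2048   # 4096-bit root over a 2048-bit issuing CA
check_chain 2048 4096 2048   # the reverse, with a 2048-bit leaf under a 4096-bit issuing CA
```

This only shows that path validation itself accepts mixed sizes; whether a particular legacy client can handle a 4096-bit key still has to be tested against that client.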
