lejeczek via FreeIPA-users wrote: > Hi guys. > > I'm trying to get signing request - on centos 9s - like this: > > -> $ certutil -R -d /etc/pki/nssdb/ -a -g 512 -s > 'CN=ceph-mgr-dashboard,O=MINE.PRIV' > ... > certutil: signing of data failed: > SEC_ERROR_SIGNATURE_ALGORITHM_DISABLED: Could not create or verify a > signature using a signature algorithm that is disabled because it is not > secure. > > Would IPA be some factor in this? > crypto-policies seem default/vanilla - if those might be relevant. > VERSION: 4.12.2, API_VERSION: 2.254
Unrelated to IPA. It is crypto-policies. See RSA-MIN in the crypto backend. It's probably 2048. Your key size is too small. rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
