ebekker/ACMESharp

Unable to request 4096 RSA Key

daveyyoung opened this issue · 8 comments

Awesome project, I'm using your PowerShell module with good results for SAN certs...

Following on from this thread:

win-acme/win-acme#29 (comment)

It would be great to be able to up the key size from the default 2048 to 4096 for increased security.

Cheers,

D

Hi,

I'm using this awesome tool too! Any news about allowing a 4096 encryption strength?

Unfortunately, out of the box, the in-built private key generator is fixed at 2048-bit. However, if you use an external tool, such as this one to generate a private key in PEM format first, you can specify the key length on it, then input that into the New-ACMECertificate cmdlet with the -KeyPemFile parameter.

If someone would like to get their feet wet enhancing the module to support input key length, this is a good feature request to do that with. Here's a hint: the small changes that would be needed would be done here and here.

Any chance you could review the PR? I would love to try a new version to generate a certificate with a 4096-bit key.

The PR has been merged and new versions of PWSH modules rebuilt. Can you test the pre-release versions to make sure it works for you: https://www.myget.org/gallery/acmesharp-posh-staging

If you confirm, I'll publish to the gallery, thanks!

Just tested it and it works like a charm! I used the -NumBits4096 flag when calling the New-Certificate cmdlet and I now have a certificate signed with a 4096-bit key.

@daveyyoung have you tried the pre-release version? Can you give feedback so @ebekker will be able to push it to the gallery for everyone ;)

Hey @Macharius92, just tested there with a SAN certificate and the -NumBits4096 parameter. Worked effortlessly, thanks to you both for the development!