CommScope RUCKUS Community Forums

MWSS · ‎07-25-2023

Hello, in a recent pen test the following was discovered for the Ruckus Unleashed master AP

SSL Certificate Chain Contains RSA Keys Less Than 2048 bits

"At least one of the X.509 certificates sent by the remote host has a
key that is shorter than 2048 bits. According to industry standards
set by the Certification Authority/Browser (CA/B) Forum, certificates
issued after January 1, 2014 must be at least 2048 bits.

I can see in the unleashed console that under the Administration > Certificate options I can change this option:
Re-generate private key of a specific key length to 2048.

The ruckus is using a self signed cert. If I click the option for 2048 and regenerate, will this update the self signed cert and cause no other impact but restarted the APs?

thanks

sanjay_kumar · ‎08-02-2023

Hi @MWSS

The option to regenerate private key under Administration > Certificate >> Advanced >> Re-Generate Private Key of a Specific Key Length: 2048

Should solve your issue. It will re-generate a new cert of the master AP which has RSA key length to 2048.

View solution in original post

sanjay_kumar · ‎07-26-2023

Hi @MWSS
Could you please confirm the Unleashed version and the AP model you are using?

MWSS · ‎07-26-2023

Hi,

We're currently running 200.13.3.1.319 and they're R650s

sanjay_kumar · ‎07-26-2023

Hi @MWSS
Can you upgrade to 200.14.6.1.199 and let me know if you still face the same issue

MWSS · ‎07-26-2023

is the default 2048 in 200.14.6.1.199 ?

CommScope RUCKUS Community Forums

SSL certificate RSA key is less than 2048 - Pen test