
SSL certificate RSA key is less than 2048 - Pen test

MWSS
New Contributor

Hello, in a recent pen test the following was discovered for the Ruckus Unleashed master AP:

SSL Certificate Chain Contains RSA Keys Less Than 2048 bits

"At least one of the X.509 certificates sent by the remote host has a
key that is shorter than 2048 bits. According to industry standards
set by the Certification Authority/Browser (CA/B) Forum, certificates
issued after January 1, 2014 must be at least 2048 bits."

I can see in the Unleashed console that under the Administration > Certificate options I can change this option:
Re-generate private key of a specific key length to 2048.

The Ruckus is using a self-signed cert. If I click the option for 2048 and regenerate, will this update the self-signed cert and cause no other impact but restarting the APs?

Thanks

1 ACCEPTED SOLUTION

sanjay_kumar
RUCKUS Team Member

Hi @MWSS 

The option to regenerate the private key under Administration > Certificate > Advanced > Re-Generate Private Key of a Specific Key Length: 2048 should solve your issue. It will regenerate a new cert for the master AP with an RSA key length of 2048.


9 REPLIES 9

sanjay_kumar
RUCKUS Team Member

Hi @MWSS 
Could you please confirm the Unleashed version and the AP model you are using?

Hi,

We're currently running 200.13.3.1.319 and they're R650s

sanjay_kumar
RUCKUS Team Member

Hi @MWSS 
Can you upgrade to 200.14.6.1.199 and let me know if you still face the same issue?

Is the default 2048 in 200.14.6.1.199?