CommScope RUCKUS Community Forums

MWSS · ‎07-25-2023

Hello, in a recent pen test the following was discovered for the Ruckus Unleashed master AP

SSL Certificate Chain Contains RSA Keys Less Than 2048 bits

"At least one of the X.509 certificates sent by the remote host has a
key that is shorter than 2048 bits. According to industry standards
set by the Certification Authority/Browser (CA/B) Forum, certificates
issued after January 1, 2014 must be at least 2048 bits.

I can see in the unleashed console that under the Administration > Certificate options I can change this option:
Re-generate private key of a specific key length to 2048.

The ruckus is using a self signed cert. If I click the option for 2048 and regenerate, will this update the self signed cert and cause no other impact but restarted the APs?

thanks

sanjay_kumar · ‎08-02-2023

Hi @MWSS

The option to regenerate private key under Administration > Certificate >> Advanced >> Re-Generate Private Key of a Specific Key Length: 2048

Should solve your issue. It will re-generate a new cert of the master AP which has RSA key length to 2048.

View solution in original post

MWSS · ‎07-27-2023

Just checking you can confirm this Sanjay

sanjay_kumar · ‎07-27-2023

Hi @MWSS
I'm checking on this.

sanjay_kumar · ‎08-02-2023

Hi @MWSS

The option to regenerate private key under Administration > Certificate >> Advanced >> Re-Generate Private Key of a Specific Key Length: 2048

Should solve your issue. It will re-generate a new cert of the master AP which has RSA key length to 2048.

MWSS · ‎08-14-2023

thank you, this causes no impact apart from a reboot I presume?

sanjay_kumar · ‎08-14-2023

Hi @MWSS
Yes that is correct.

CommScope RUCKUS Community Forums

SSL certificate RSA key is less than 2048 - Pen test