From 267bca2f5a10b822ecacbe54c69a2fe6a9fda76c Mon Sep 17 00:00:00 2001 From: Vikas Jain Date: Fri, 31 Jul 2015 09:28:15 -0700 Subject: [PATCH] Updated PKI certificate crypto strength in cert example Updated PKI generation example to comply with current best practices. Changed key size to 4096 and hash to sha256. Updated both XML and RST. Change-Id: I3d0cb977c87c3fe2c22b63c0790bb06f6215ada2 Closes-Bug: #1480313 --- .../source/keystone_certificates_for_pki.rst | 4 ++-- doc/common/section_keystone_certificates-for-pki.xml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/admin-guide-cloud-rst/source/keystone_certificates_for_pki.rst b/doc/admin-guide-cloud-rst/source/keystone_certificates_for_pki.rst index 1a7b201305..54685c076f 100644 --- a/doc/admin-guide-cloud-rst/source/keystone_certificates_for_pki.rst +++ b/doc/admin-guide-cloud-rst/source/keystone_certificates_for_pki.rst @@ -136,9 +136,9 @@ Create a certificate request configuration file. For example, create the :linenos: [ req ] - default_bits = 1024 + default_bits = 4096 default_keyfile = keystonekey.pem - default_md = sha1 + default_md = sha256 prompt = no distinguished_name = distinguished_name diff --git a/doc/common/section_keystone_certificates-for-pki.xml b/doc/common/section_keystone_certificates-for-pki.xml index d2488b252e..b8633b11fd 100644 --- a/doc/common/section_keystone_certificates-for-pki.xml +++ b/doc/common/section_keystone_certificates-for-pki.xml @@ -172,9 +172,9 @@ SrWY8lF3HrTcJT23sZIleg== example, create the cert_req.conf file, as follows: [ req ] -default_bits = 1024 +default_bits = 4096 default_keyfile = keystonekey.pem -default_md = sha1 +default_md = sha256 prompt = no distinguished_name = distinguished_name