Under this section, add the following settings to enable and configure the key size validation.
When defined under different configuration sections, the key-size set of parameters has the following precedence, from least to greatest (the last listed variables override all other variables).
- key-size under authorities
- key-size under managed-cas.<ca>
- key-size under profiles.<profile>
min-ecc
The minimum key size for elliptic curve keys, as a number of bytes.
min-rsa
The minimum key size for RSA keys, as a number of bytes.
reject
The action performed when the CA key does not meet the min-ecc or min-rsa size requirements.
Value | Action |
---|---|
off | Nothing |
log | Log the key size |
block | Reject the key |
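
The precedence order and the reject actions described above can be modelled as follows. This is an added example, not the product's own code or configuration syntax: the dict layout, the function names, the sample CA and profile names, per-parameter merging, and treating an unset reject as off are all assumptions.

```python
# Illustrative model only (assumed layout, not the product's config format).
# Constructed sample: sizes are in bytes, as the settings above describe them.
SAMPLE = {
    "authorities": {"key-size": {"min-rsa": 256, "min-ecc": 32, "reject": "log"}},
    "managed-cas": {"ca-1": {"key-size": {"min-rsa": 384}}},
    "profiles": {"strict": {"key-size": {"reject": "block"}}},
}

def effective_key_size(config, ca, profile):
    """Merge key-size settings from least to greatest precedence.

    Assumption: each parameter is overridden individually, so a section
    that sets only `reject` still inherits min-rsa/min-ecc from below.
    """
    sections = (
        config.get("authorities", {}),                  # least
        config.get("managed-cas", {}).get(ca, {}),
        config.get("profiles", {}).get(profile, {}),    # greatest
    )
    merged = {}
    for section in sections:
        merged.update(section.get("key-size", {}))
    return merged

def check_key(policy, algorithm, size_bytes):
    """Return (allowed, log_message) for a key checked against the policy."""
    minimum = policy.get({"ecc": "min-ecc", "rsa": "min-rsa"}[algorithm])
    action = policy.get("reject", "off")  # assumed default when unset
    if action == "off" or minimum is None or size_bytes >= minimum:
        return True, None
    msg = f"{algorithm} key is {size_bytes} bytes, minimum is {minimum}"
    if action == "log":
        return True, msg      # key accepted, size recorded
    if action == "block":
        return False, msg     # key rejected
    raise ValueError(f"unknown reject value: {action!r}")

if __name__ == "__main__":
    policy = effective_key_size(SAMPLE, "ca-1", "strict")
    print(policy)
    print(check_key(policy, "rsa", 256))
```

Resolving the policy before evaluating a key makes it easy to see when a profile-level reject of off or log silently weakens a stricter setting under authorities.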