Can Red Hat Satellite 6.x be configured with a custom SSL certificate whose keys are 2048 bits rather than 4096 bits long?

Solution Verified - Updated 5 Mar 2025

Environment

Red Hat Satellite 6.15

Issue

When creating a certificate signing request (CSR) for a custom SSL certificate to configure the Red Hat Satellite 6.x server with, the procedure in the Red Hat Satellite 6.x installation guide uses the following command to generate a 4096-bit private key:
```
# openssl genrsa -out /root/satellite_cert/satellite_cert_key.pem 4096
```
Can a 2048-bit private key be used instead?

Resolution

Although it is highly recommended to use a 4096-bit private key to create a certificate signing request (CSR) for a custom SSL certificate for Red Hat Satellite 6.x, this can also be done using a 2048-bit private key instead. However, please be aware that a 4096-bit key offers higher security level than a 2048-bit one.

To generate a certificate signing request (CSR) for a custom SSL certificate for Red Hat Satellite 6.x using a 2048-bit private key, use the following command:

# openssl genrsa -out /root/satellite_cert/satellite_cert_key.pem 2048

For more KB articles/solutions related to Red Hat Satellite 6.x SSL Certificates Issues, please refer to the Consolidated Troubleshooting Article for Red Hat Satellite 6.x SSL Certificates Issues

SBR

SysMgmt

Product(s)

Red Hat Satellite

Components

certificates

Category

Configure

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.