You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Default installation of mkcert -install and mkcert localhost
What went wrong
The German BSI (Federal Office for Information Security) requires RSA TLS server certificates to use RSA keys of at least 3000 bits length. This leads to problems with Germany's official eID app, which verifies that this requirement is met. From what I can see from the code, mkcert uses 3072 bits for the root cert and 2048 bits for TLS certs, which is incompatible with the new requirement.
I would suggest to either change the default bit lengths or add an option to specify the bit length, both for generating the root cert and TLS certs.
The text was updated successfully, but these errors were encountered:
Environment
Linux LAPTOP 6.5.0-41-generic #41~22.04.2-Ubuntu SMP PREEMPT_DYNAMIC Mon Jun 3 11:32:55 UTC 2 x86_64 x86_64 x86_64 GNU/Linuxmkcert -version): v1.4.4What you did
Default installation of
mkcert -installandmkcert localhostWhat went wrong
The German BSI (Federal Office for Information Security) requires RSA TLS server certificates to use RSA keys of at least 3000 bits length. This leads to problems with Germany's official eID app, which verifies that this requirement is met. From what I can see from the code, mkcert uses 3072 bits for the root cert and 2048 bits for TLS certs, which is incompatible with the new requirement.
I would suggest to either change the default bit lengths or add an option to specify the bit length, both for generating the root cert and TLS certs.
The text was updated successfully, but these errors were encountered: