Topic: Longer Certificate Keys than RSA-1024?

jbo5112

Longer Certificate Keys than RSA-1024?
« on: November 23, 2011, 01:23:38 am »
I'm trying to set up a VPN on my new Zentyal system, but I don't see how to generate keys longer than RSA-1024.  I'm not sure why the default is this low either.  People are already finding ways to crack RSA-1024 with theoretical custom hardware (pdf) or with actual exploits on hardware vulnerabilities.  I've seen recommendations to move to 2048-bit or more for at least a couple of years.

Can someone tell me how to generate 2048- or (preferably) 4096-bit keys, without dropping to a terminal window and doing something Zentyal might not recognize?

jsalamero

  • Zentyal Staff
Re: Longer Certificate Keys than RSA-1024?
« Reply #1 on: November 29, 2011, 02:13:12 pm »
Yes, we will increase default key size in the next version.

Thanks for highlighting this!

jbo5112

Re: Longer Certificate Keys than RSA-1024?
« Reply #2 on: November 30, 2011, 05:55:55 am »
Thanks!  I guess the only access we need to run right now is already encrypted, so this will work fine.  The next version may easily be out before we need anything more, but I didn't want to commit to something that would only work a few months.

Is there any planned support for AES?  I have more to learn about VPNs, but with the acceleration in Sandy Bridge, it seems a good idea in some situations, not that it matters to my current 2002 Dell server.