{"id":21389,"date":"2025-10-19T11:08:40","date_gmt":"2025-10-19T03:08:40","guid":{"rendered":"https:\/\/blog.pmail.idv.tw\/?p=21389"},"modified":"2025-10-19T11:08:40","modified_gmt":"2025-10-19T03:08:40","slug":"%e6%86%91%e8%ad%89%e4%bc%ba%e6%9c%8d%e5%99%a8-pki-rsa-key-size-from-2048-bit-to-4096-bit","status":"publish","type":"post","link":"https:\/\/blog.pmail.idv.tw\/?p=21389","title":{"rendered":"\u6191\u8b49\u4f3a\u670d\u5668 PKI RSA key size from 2048 bit to 4096 bit"},"content":{"rendered":"

\u5982\u679c\u63d0\u70ba\u5347\u5b89\u5168\u6027\u8207\u56e0\u61c9\u672a\u4f86\u52a0\u5bc6\u5f37\u5ea6\u9700\u6c42\u7684\u8003\u91cf\u9700\u8981\u5c07windows CA \u4f3a\u670d\u5668RSA \u91d1\u9470\u9577\u5ea6\u5f9e 2048 \u4f4d\u5143\u5347\u7d1a\u81f3 4096 \u4f4d\u5143\u3002<\/p>\n

\u53ef\u4ee5\u5148\u5230\u6b21\u8def\u5f91\u7de8\u8f2f%SystemRoot%\\CAPolicy.inf (\u5982\u679c\u6c92\u6709\u53ef\u4ee5\u81ea\u884c\u7522\u751f)<\/p>\n

\u5982\u4e0b\u8a2d\u5b9a (\u4e3b\u8981\u662fRenewalKeyLength \u53c3\u6578)<\/p>\n

[Version]
\nSignature=”$Windows NT$”
\n[Certsrv_Server]
\nRenewalKeyLength=4096       ; New key length
\nRenewalValidityPeriod=Years ; Optional: defines the renewal validity period unit
\nRenewalValidityPeriodUnits=10 ; Optional: sets the new CA certificate validity (e.g., 10 years)<\/p>\n

\"image\"<\/a><\/p>\n

CAPolicy.inf <\/p>\n

\"image\"<\/a><\/p>\n

\u66f4\u65b0\u5f8c \u5c31\u53ef\u4ee5\u770b\u5230 RSA 4096 bit<\/p>\n

\"image\"<\/a><\/p>\n

\u53c3\u8003<\/p>\n

https:\/\/learn.microsoft.com\/zh-tw\/windows-server\/networking\/core-network-guide\/cncg\/server-certs\/prepare-the-capolicy-inf-file<\/p>\n

\n