Why isn't recommended to use CertGen in a production environment?
If I generate new CertGenCA.der and CertGenCAKey.der
files I don't see a problem using gencert for production.
This is for the communication between Manages servers and AdminServer.
What is the reason of this recommendation?
The doc states:
The CertGen
utility generates certificates that should only be used for demonstration or testing purposes, not in a production environment.
As of version 12.1.2 of WebLogic Server, the CertGen
utility generates certificates with the following attributes by default:
- 2048-bit public key.
- SHA256 message digest algorithm.
- Subject Key Identifier extension.
- Authority Key Identifier extension (if the CA certificate contains a Subject Key ID.)