Endpoint ignored these unrecognized parameters: [key_bits]

Michael.Renner · February 8, 2024, 11:17am

Moin,

I generate certificates with commands like

vault write -format=json some/path/issue/san common_name=“server.mynet.internal” alt_names=“server.mynet.internal” ip_sans=“127.0.0.1” key_bits=“4096” ttl=“34387200”

That works fine, but I get 2048 bit keys. And I see this warning:
“warnings”: [
“Endpoint ignored these unrecognized parameters: [key_bits]”
]

I tested the versions 1.15.4, 1.6 and 1.3.2.

What is the propper way to define the key length?

Micha

StevenClark · February 15, 2024, 5:17am

Hello!

When using the issue endpoint the key size that Vault will generate comes from the value in the specified role. key_bits is not a parameter for that endpoint, but solely when generating CA certificates.

From your example above, you would need to modify the key_bits field of the san role to 4096.

Topic		Replies	Views
[solved] Generate csr for 4096 bit CA? Vault	1	19	October 17, 2024
Vault write ignores issuer_name HCP Vault Secrets vault	6	1117	February 18, 2025
CLI warning on unrecognized parameters Vault vault	2	1991	September 12, 2022
Vault agent and X509v3 Extended Key Usage Vault	0	199	October 11, 2023
Use RSA key size less than 2048 Vault	0	331	June 14, 2021

Endpoint ignored these unrecognized parameters: [key_bits]

Related topics