From the Qualys Community: QID 38171 - SSL Cert - server public key too small
"An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection.
Best practices require that digital signatures be 2048 or more bits long to provide adequate security. Key lengths of 1024 are acceptable through 2013, but since 2011 they are considered deprecated."
SSB defaults to RSA 4096 keys for SSH connections and does not use the short keys.
The short keys are still present, however, which is why scans report this finding even though the keys are not in use.
Change Request - 372161 has been raised to address this issue. As of this writing, there is no ETA.
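To confirm which keys a size-based check would flag, the following added example (not One Identity or Qualys code) reads RSA public keys in OpenSSH format and lists those below the 2048-bit threshold quoted above. It assumes the keys are available as plain `ssh-rsa <base64> <comment>` lines; all function names are hypothetical and the sample keys are constructed in the code, not real keys.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # threshold quoted in the QID 38171 text

def read_string(blob, offset):
    """Read one SSH wire 'string': uint32 length, then that many bytes."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def rsa_bits(pubkey_line):
    """Modulus size in bits for an 'ssh-rsa' line, None for other key types."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, off = read_string(blob, 0)
    if key_type != b"ssh-rsa":
        return None
    _exponent, off = read_string(blob, off)
    modulus, _ = read_string(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def audit(lines):
    """Return (comment, bits) for every RSA key shorter than MIN_RSA_BITS.
    Assumes each line ends with a comment field."""
    findings = []
    for line in lines:
        bits = rsa_bits(line)
        if bits is not None and bits < MIN_RSA_BITS:
            findings.append((line.split()[-1], bits))
    return findings

def make_sample_line(bits, comment):
    """Constructed test input: modulus 2**(bits-1)+1, not a usable key."""
    def wire(data):
        return struct.pack(">I", len(data)) + data
    def mpint(value):
        return wire(value.to_bytes(value.bit_length() // 8 + 1, "big"))
    blob = wire(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

SAMPLE_KEYS = [make_sample_line(1024, "constructed-short"),
               make_sample_line(4096, "constructed-default")]
print(audit(SAMPLE_KEYS))
```

A key reported here is flagged on size alone; whether it is actually offered to clients has to be checked separately.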