How can I generate a DH key that is longer than the existing default key in PRTG?

Votes:

0

As I can read in your blog article Logjam Vulnerability: PRTG Is Safe Since Version 14.4.12 (October 2014), PRTG uses pre-generated Diffie-Hellman (DH) parameters with a 1024-bit key by default. Is it possible to enhance this key, for example, to a 2048-bit key?

diffie-hellman encryption prtg security

Created on May 21, 2015 12:23:37 PM by  Gerald Schoch [Paessler Support]



1 Reply

Accepted Answer

Votes:

0

This article applies as of PRTG 22

Modifying key length for Diffie-Hellman parameters

PRTG comes with a high security standard that makes your network monitoring as secure as possible. All communication in PRTG is secured by TLS where only the most secure ciphers are supported. We describe important security features of PRTG in the article What security features does PRTG include?

As of PRTG version 14.4.12, PRTG uses unique pre-defined Diffie-Hellman (DH) parameters with a 1024-bit key by default. This key length is sufficient for most scenarios, but if you want to enhance this key and generate a key that is longer than 1024 bits, you can do so as well. In this example, we'll show how you can manually generate a key with 2048 bits.

Creating a longer key for DH parameters

  1. Open PowerShell as administrator on the PRTG core server system and navigate to the \cert subfolder of the PRTG program directory.
    Note: If PRTG is installed under the default path, you can use the following command to navigate to the folder:
    cd "C:\Program Files (x86)\PRTG Network Monitor\cert\"
  2. Enter the following commands:
    ..\openssl.exe dhparam -out dh.pem -2 2048
    Restart-Service PRTGCoreService -Confirm
  3. Press Enter to generate a new key file and to restart the PRTG core server service.
  4. Enter [Y]es when prompted to restart the PRTG core server service or restart the service manually at your convenience.
    Note: The new key length will only be applied after the PRTG core server service was restarted.

Done! PRTG now uses DH parameters with a 2048-bit key.

Created on Nov 29, 2022 3:15:34 PM by  Luciano Lingnau [Paessler]

Last change on Jul 4, 2023 1:51:27 PM by  Dariusz Gorka [Paessler Support]
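
The following PowerShell sketch is an added example, not part of Paessler's answer. It wraps the steps above so that the existing dh.pem is backed up, the new parameters are generated into a staging file, and their length is checked before the service is restarted. The staging and backup file names are hypothetical, and the script assumes the bundled openssl.exe supports the standard `dhparam -text -noout` options and prints a "(N bit)" header line.

```powershell
# Added example, not Paessler's code. Path, dh.pem and service name come from the steps above.
$ErrorActionPreference = 'Stop'
$certDir = 'C:\Program Files (x86)\PRTG Network Monitor\cert'   # default path from the article
$openssl = Join-Path (Split-Path $certDir -Parent) 'openssl.exe' # same binary as ..\openssl.exe
$target  = Join-Path $certDir 'dh.pem'
$staged  = Join-Path $certDir 'dh.new.pem'                       # hypothetical staging file name
$wanted  = 2048

function Get-DhParamBits {
    param([string]$Path)
    # Assumption: "dhparam -text -noout" prints a header such as "DH Parameters: (2048 bit)".
    $text = & $openssl dhparam -in $Path -text -noout | Out-String
    if ($LASTEXITCODE -ne 0) { throw "openssl could not parse $Path" }
    if ($text -match '\((\d+)\s*bit\)') { return [int]$Matches[1] }
    throw "No bit length found in openssl output for $Path"
}

# Keep a copy of the current parameters so the change can be rolled back.
if (Test-Path $target) {
    $backup = "$target.bak-$(Get-Date -Format 'yyyyMMdd-HHmmss')"  # hypothetical naming scheme
    Copy-Item $target $backup
    Write-Host "Current parameters: $(Get-DhParamBits $target) bit, backed up to $backup"
}

# Generate into a staging file so an interrupted run never leaves a truncated dh.pem.
& $openssl dhparam -out $staged -2 $wanted
if ($LASTEXITCODE -ne 0) { throw 'openssl dhparam failed' }

# Refuse to install parameters that are not the requested length.
$bits = Get-DhParamBits $staged
if ($bits -ne $wanted) {
    Remove-Item $staged
    throw "Generated parameters are $bits bit, expected $wanted"
}

Move-Item $staged $target -Force
Write-Host "dh.pem now holds ${bits}-bit parameters"

# The new parameters only take effect after the core server service restarts.
Restart-Service PRTGCoreService -Confirm
```

If the restart is declined at the prompt, the new dh.pem stays in place and takes effect at the next manual restart of the service.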




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.