--- /usr/share/univention-ssl/make-certificates.sh.orig	2013-05-18 16:43:02.000000000 +0200
+++ /usr/share/univention-ssl/make-certificates.sh	2013-05-18 16:30:31.000000000 +0200
@@ -128,7 +128,7 @@
 
 [ req ]
 
-default_bits		= 1024
+default_bits		= 2048
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
@@ -278,7 +278,7 @@
 	# make the root-CA configuration file
 	mk_config openssl.cnf "$PASSWD" "$DEFAULT_DAYS" "$ssl_common"
 
-	openssl genrsa -des3 -passout pass:"$PASSWD" -out "${CA}/private/CAkey.pem" 1024
+	openssl genrsa -des3 -passout pass:"$PASSWD" -out "${CA}/private/CAkey.pem" 2048
 	yes '' | openssl req -config openssl.cnf -new -x509 -days "$DEFAULT_DAYS" -key "${CA}/private/CAkey.pem" -out "${CA}/CAcert.pem"
 
 	# copy the public key to a place, from where browsers can access it