Access Manager ships with a CA that can create certificates with a key size of 512, 1024, 2048, or 4096. Select the maximum size supported by the applications that you are protecting with Access Manager. Security increases with the increase in key size length. The default certificates created by Access Manager 4.2 and later are of 2048 key size. If you are upgrading Access Manager from a version older than 4.2, ensure that certificates with small key sizes are replaced with 2048 or above.
In signature algorithms, SHA1 is no longer considered secure. Access Manager supports creation of a certificate only with SHA-256 and SHA-512. When you are importing external certificates signed by a well-known third-party CA into Access Manager, ensure that they are of SHA-256 or above.