From 487444e35e98486cdc3d0724eca8afe6dda8b2b9 Mon Sep 17 00:00:00 2001
From: Arnav Singh <arsing@microsoft.com>
Date: Tue, 16 Aug 2022 19:50:27 -0700
Subject: [PATCH] Fix Edge CA cert to create P-256 / RSA-4096 key pairs.

---
 edgelet/edgelet-http-workload/src/edge_ca.rs | 2 +-
 edgelet/edgelet-http-workload/src/lib.rs     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/edgelet/edgelet-http-workload/src/edge_ca.rs b/edgelet/edgelet-http-workload/src/edge_ca.rs
index 0141ed276c0..d2fdacd4122 100644
--- a/edgelet/edgelet-http-workload/src/edge_ca.rs
+++ b/edgelet/edgelet-http-workload/src/edge_ca.rs
@@ -106,7 +106,7 @@ impl cert_renewal::CertInterface for EdgeCaRenewal {
                 }
 
                 let key_handle = key_client
-                    .create_key_pair_if_not_exists(&key_id, Some("rsa-2048:*"))
+                    .create_key_pair_if_not_exists(&key_id, Some("ec-p256:rsa-4096:*"))
                     .await
                     .map_err(|_| {
                         cert_renewal::Error::retryable_error("failed to generate temp key")
diff --git a/edgelet/edgelet-http-workload/src/lib.rs b/edgelet/edgelet-http-workload/src/lib.rs
index 230fbc1c098..1f519e95de6 100644
--- a/edgelet/edgelet-http-workload/src/lib.rs
+++ b/edgelet/edgelet-http-workload/src/lib.rs
@@ -106,7 +106,7 @@ where
             let key_client = self.key_client.lock().await;
 
             key_client
-                .create_key_pair_if_not_exists(&self.config.edge_ca_key, Some("rsa-2048:*"))
+                .create_key_pair_if_not_exists(&self.config.edge_ca_key, Some("ec-p256:rsa-4096:*"))
                 .await
                 .map_err(|err| err.to_string())?
         };