Provide option to set RSA key size

[bennypi]

Environment

• Operating system (including version):
  • Linux LAPTOP 6.5.0-41-generic #41~22.04.2-Ubuntu SMP PREEMPT_DYNAMIC Mon Jun 3 11:32:55 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
  • Ubuntu 22.04.4 LTS
• mkcert version (from mkcert -version): v1.4.4
• Server (where the certificate is loaded): Spring Boot 3.x
• Client (e.g. browser, CLI tool, or script): AusweisApp 2.2.0 (https://www.ausweisapp.bund.de/download)

What you did

Default installation of mkcert -install and mkcert localhost

What went wrong

The German BSI (Federal Office for Information Security) requires RSA TLS server certificates to use RSA keys of at least 3000 bits length. This leads to problems with Germany's official eID app, which verifies that this requirement is met. From what I can see from the code, mkcert uses 3072 bits for the root cert and 2048 bits for TLS certs, which is incompatible with the new requirement.

I would suggest to either change the default bit lengths or add an option to specify the bit length, both for generating the root cert and TLS certs.