Update updating-certificates.md

Author: mich-elle-luna

content/operate/rs/security/certificates/updating-certificates.md

@@ -141,3 +141,9 @@ To update your syncer certificate on clusters running Active-Active databases, f
 - Run step 2 as quickly as possible after step 1. Between the two steps, new syncer connections that use the ‘old’ certificate will get rejected by the cluster that has been updated with the new certificate (in step 1).<br/>
 - Do not run any other `crdb-cli crdb update` operations between the two steps.<br/>
 {{</note>}}
+
+### Troubleshoot RHEL 8 crypto policy and certificate key size
+
+In RHEL 8, if the crypto policy is set to `FUTURE`, the system will not accept certificates with private key sizes smaller than 3072 bits. This affects the use of custom certificates with smaller keys (such as 2048-bit keys).
+
+To use certificates with smaller key sizes, you need to change the crypto policy from `FUTURE` to `DEFAULT`. For more information about crypto policies, see the [Red Hat documentation on system-wide cryptographic policies](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening).