SSL & CSR Key Lengths
I am trying to understand how to determine how long my CSR Key Length should be. I will be installing an SSL Cert into TOmcat running on CentOS 5.7
What are my options & limitations? How do I secure things without going overboard?
What are my options & limitations? How do I secure things without going overboard?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Options are 512, 1024, 2048, 3072 etc...
So increments are at 1024 (in practice - but the algorithm works with key lengths of any size)
The higher you go, the more secure - however, obviously they come at the cost of processing speed. 1024 and 2048 are estimated to be secure enough for most business needs until 2030.
So increments are at 1024 (in practice - but the algorithm works with key lengths of any size)
The higher you go, the more secure - however, obviously they come at the cost of processing speed. 1024 and 2048 are estimated to be secure enough for most business needs until 2030.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
E.g.
Geotrust Rapidssl:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=so13985
Note: The recommended key bit size is 2048-bit. All certificates that will expire after October, 2013 must have a 2048 bit key size.
Note: For all SSL certificates, the CSR key bit length must be 2048.
Geotrust Rapidssl:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=so13985
Note: The recommended key bit size is 2048-bit. All certificates that will expire after October, 2013 must have a 2048 bit key size.
Note: For all SSL certificates, the CSR key bit length must be 2048.
ASKER