
SSL & CSR Key Lengths

deklinm asked
Last Modified: 2012-08-27
I am trying to understand how to determine how long my CSR Key Length should be.  I will be installing an SSL Cert into Tomcat running on CentOS 5.7.

What are my options & limitations?  How do I secure things without going overboard?

The standard today is no less than 1024 bit RSA for your public key.  Is that what you are talking about?

Author

Commented:
Yes, but I am more concerned with understanding what the max size is, what the increments are, and how I select which one I want.
Options are 512, 1024, 2048, 3072 etc...

So increments are at 1024 (in practice - but the algorithm works with key lengths of any size)

The higher you go, the more secure - however, obviously they come at the cost of processing speed.  1024 and 2048 are estimated to be secure enough for most business needs until 2030.
Commented:
Take 2048. Most CAs won't sign anything below this anymore.

multimac - can you cite that? I have never heard that is true.  For instance, Google has a 1024-bit RSA key signed by Thawte on their HTTPS site.

Commented:
E.g.
Geotrust Rapidssl:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=so13985

Note: The recommended key bit size is 2048-bit. All certificates that will expire after October, 2013 must have a 2048 bit key size.
Note: For all SSL certificates, the CSR key bit length must be 2048.
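
The 2048-bit requirement discussed in this thread can be checked before a CSR is sent to a CA. The script below is an added example, not part of any comment above; it assumes the `openssl` command-line tool is installed (the thread names no tool), and the subject name and file names are constructed.

```shell
#!/bin/sh
# Added example: create an RSA key and CSR, then check the CSR's key size
# against the CA minimum quoted in the thread. Assumes the openssl CLI.

MIN_BITS=2048   # minimum CSR key size from the RapidSSL note

# make_csr BITS KEYFILE CSRFILE: new unencrypted RSA key plus a CSR for it.
# The subject www.example.com is a constructed placeholder.
make_csr() {
    openssl req -new -newkey "rsa:$1" -nodes -sha256 \
        -subj "/CN=www.example.com" \
        -keyout "$2" -out "$3" 2>/dev/null
}

# csr_text CSRFILE: human-readable dump of a PEM CSR
csr_text() {
    openssl req -in "$1" -noout -text 2>/dev/null
}

# csr_bits CSRFILE: print the public key size in bits.
# Matches both "Public-Key: (N bit)" and the older "Public Key: (N bit)".
csr_bits() {
    csr_text "$1" |
        sed -n 's/.*Public[ -]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# check_csr CSRFILE: 0 = acceptable, 1 = key too short, 2 = not an RSA CSR.
# The threshold only makes sense for RSA; EC key sizes are not comparable.
check_csr() {
    if ! csr_text "$1" | grep -q 'Public Key Algorithm: rsaEncryption'; then
        echo "$1: not a readable RSA CSR" >&2
        return 2
    fi
    bits=$(csr_bits "$1")
    if [ -z "$bits" ] || [ "$bits" -lt "$MIN_BITS" ]; then
        echo "$1: ${bits:-unknown}-bit key, below the $MIN_BITS-bit minimum" >&2
        return 1
    fi
    echo "$1: $bits-bit RSA key, ok"
}

# Stand-alone use: sh check_csr.sh server.csr
if [ "$#" -gt 0 ]; then
    check_csr "$1"
fi
```
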
