SSL & CSR Key Lengths

I am trying to understand how to determine how long my CSR key length should be. I will be installing an SSL cert into Tomcat running on CentOS 5.7.

What are my options & limitations?  How do I secure things without going overboard?
Asked by deklinm

southpau1 Commented:
The standard today is no less than 1024 bit RSA for your public key.  Is that what you are talking about?

deklinm (Author) Commented:
Yes, but I am more concerned with understanding what the max size is, what the increments are, and how I select which one I want.

southpau1 Commented:
Options are 512, 1024, 2048, 3072 etc...

So increments are at 1024 (in practice - but the algorithm works with key lengths of any size)

The higher you go, the more secure - however, obviously they come at the cost of processing speed.  1024 and 2048 are estimated to be secure enough for most business needs until 2030.

multimac Commented:
Take 2048. Most CAs won't sign anything below this anymore.

southpau1 Commented:
multimac - can you cite that? I have never heard that is true. For instance, Google has a 1024-bit RSA key signed by Thawte on their HTTPS site.

multimac Commented:
E.g.
GeoTrust RapidSSL:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=so13985

Note: The recommended key bit size is 2048-bit. All certificates that will expire after October, 2013 must have a 2048 bit key size.
Note: For all SSL certificates, the CSR key bit length must be 2048.
Question has a verified solution.
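
An added example, not part of the original thread: a shell script that uses the OpenSSL command line to create a key and CSR at a chosen RSA length and to reject any CSR below the 2048-bit minimum quoted from RapidSSL above. The subject `www.example.com`, the file names and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: create an RSA key + CSR with OpenSSL and check the CSR's
# key length before it is submitted to a CA.
# Constructed placeholders: subject, file names, function names.

MIN_BITS=2048   # minimum CSR key length from the RapidSSL note in the thread

# make_csr BITS KEYFILE CSRFILE: new unencrypted private key plus a CSR for it.
# Runs in a subshell so the restrictive umask applies only to the key file.
make_csr() (
    umask 077
    openssl req -new -newkey "rsa:$1" -nodes \
        -keyout "$2" -out "$3" \
        -subj "/C=US/O=Example/CN=www.example.com" 2>/dev/null
)

# csr_key_bits CSRFILE: print the public-key size in bits found in the CSR.
# The sed pattern accepts "Public-Key:" and the older "Public Key:" label.
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[ -]Key: *(\([0-9][0-9]*\) bit).*/\1/p' |
        head -n 1
}

# check_csr CSRFILE: 0 if the key meets MIN_BITS, 1 if too short, 2 if unreadable.
check_csr() {
    csr_bits=$(csr_key_bits "$1")
    if [ -z "$csr_bits" ]; then
        echo "$1: could not read key size" >&2
        return 2
    fi
    if [ "$csr_bits" -lt "$MIN_BITS" ]; then
        echo "$1: ${csr_bits}-bit key is below the ${MIN_BITS}-bit minimum" >&2
        return 1
    fi
    echo "$1: ${csr_bits}-bit key accepted"
}

# Demo: the 2048-bit CSR passes and the 1024-bit CSR is rejected.
work=$(mktemp -d)
for bits in 2048 1024; do
    make_csr "$bits" "$work/$bits.key" "$work/$bits.csr"
    check_csr "$work/$bits.csr" || true
done
rm -rf "$work"
```

When the key pair for Tomcat is created with Java's `keytool` instead of OpenSSL, the same length is set with `-keyalg RSA -keysize 2048`.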
