
SSL & CSR Key Lengths

I am trying to understand how to determine how long my CSR key length should be. I will be installing an SSL cert into Tomcat running on CentOS 5.7.

What are my options & limitations?  How do I secure things without going overboard?
Asked by: deklinm
3 Solutions
 
southpau1 Commented:
The standard today is no less than 1024-bit RSA for your public key. Is that what you are talking about?
 
deklinm (Author) Commented:
Yes, but I am more concerned with understanding what the max size is, what the increments are, and how I select which one I want.
 
southpau1 Commented:
Options are 512, 1024, 2048, 3072 etc...

So increments are at 1024 (in practice - but the algorithm works with key lengths of any size)

The higher you go, the more secure - however, obviously they come at the cost of processing speed.  1024 and 2048 are estimated to be secure enough for most business needs until 2030.
 
multimac Commented:
Take 2048. Most CAs won't sign anything below this anymore.
 
southpau1 Commented:
multimac - can you cite that? I have never heard that is true. For instance, Google has a 1024-bit RSA key signed by Thawte on their HTTPS site.
 
multimac Commented:
E.g.
GeoTrust RapidSSL:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=so13985

Note: The recommended key bit size is 2048-bit. All certificates that will expire after October, 2013 must have a 2048 bit key size.
Note: For all SSL certificates, the CSR key bit length must be 2048.
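
As an added example (not part of the thread), one way to confirm a CSR's key length before sending it to a CA, using the 2048-bit minimum from the RapidSSL note quoted above. It assumes the `openssl` command-line tool is installed; the function names, file names and certificate subject are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a CSR's RSA key length before sending it to a CA.
# MIN_BITS is the 2048-bit minimum from the RapidSSL note quoted in the thread.
# Function names, file names and the subject are constructed for illustration.
MIN_BITS=2048

# Print the public key size in bits of the PEM CSR in $1 (empty if unreadable).
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Exit status: 0 = key is at least MIN_BITS, 1 = key too short, 2 = not a CSR.
check_csr() {
    bits=$(csr_key_bits "$1")
    if [ -z "$bits" ]; then
        echo "REJECT $1: not a readable CSR" >&2
        return 2
    fi
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "REJECT $1: ${bits}-bit key is below the ${MIN_BITS}-bit minimum" >&2
        return 1
    fi
    echo "OK $1: ${bits}-bit key"
}

# Generate a new unencrypted RSA key of $1 bits and a CSR for it in directory $2.
make_csr() {
    openssl req -new -newkey "rsa:$1" -nodes \
        -keyout "$2/server-$1.key" -out "$2/server-$1.csr" \
        -subj "/CN=www.example.com" >/dev/null 2>&1
}

# Demo: one CSR below the minimum and one that meets it, in a temporary directory.
demo_dir=$(mktemp -d)
for size in 1024 2048; do
    make_csr "$size" "$demo_dir"
    check_csr "$demo_dir/server-$size.csr" || true
done
rm -rf "$demo_dir"
```

A CSR exported from a Java keystore with `keytool -certreq` uses the same PEM format, so it can be passed to `check_csr` directly.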