The customer might ask the following questions about the certificate used for communication, from a security point of view.
Q. Does the CSP\DCSSA self-signed certificate use an RSA key that is shorter than 1024 bits? Such keys are considered weak because advances in available computing power have decreased the time required to factor cryptographic keys.
Ans:- The self-signed certificate key generated during installation is 1024 bits.
Q. Does the CSP\DCSSA certificate use signature algorithms such as MD2, MD4, or MD5, which are known to be vulnerable to collision attacks?
Ans:- The signature algorithm used for the CSP\DCSSA certificate is SHA-1 with RSA.
Q. What is the validity of the self-signed CSP\DCSSA certificate?
Ans:- The self-signed certificate is always valid for 10 years.
Q. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048 bits. Can we upgrade the CSP\DCSSA certificate to 2048 bits?
Ans:- If you are concerned about security, you can upgrade the current CSP\DCSSA certificate to a 2048-bit key. Please check this article for more details: http://www.symantec.com/docs/HOWTO77126
Please keep in mind that using a larger key might slow down the communication.
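One way to check the properties covered by the answers above (key length, signature algorithm, validity period) against the text printed by `openssl x509 -noout -text`. This is an added example, not Symantec's code; the sample certificate text is constructed, and the helper name `audit_cert_text` is hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the layout printed by `openssl x509 -noout -text`.
# Values mirror the answers above; this is not a real certificate.
SAMPLE_TEXT = """\
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jan  1 00:00:00 2014 GMT
            Not After : Dec 30 00:00:00 2023 GMT
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""

MIN_RSA_BITS = 2048                      # CA/B Forum minimum cited above
COLLISION_PRONE = ("md2", "md4", "md5")  # digests named in the question above


def _field(pattern, text):
    match = re.search(pattern, text)
    if match is None:
        raise ValueError(f"field not found: {pattern}")
    return match.group(1)


def _date(label, text):
    # OpenSSL prints e.g. "Jan  1 00:00:00 2014 GMT"; drop the zone, then parse.
    raw = _field(label + r"\s*:\s*(.+?)\s+GMT", text)
    return datetime.strptime(raw, "%b %d %H:%M:%S %Y")


def audit_cert_text(text):
    """Hypothetical helper: report key size, signature algorithm and validity."""
    bits = int(_field(r"Public-Key: \((\d+) bit\)", text))
    sig = _field(r"Signature Algorithm: (\S+)", text)
    days = (_date("Not After", text) - _date("Not Before", text)).days
    findings = []
    if bits < MIN_RSA_BITS:
        findings.append(f"RSA key is {bits} bits, below {MIN_RSA_BITS}")
    if sig.lower().startswith(COLLISION_PRONE):
        findings.append(f"signature algorithm {sig} uses a collision-prone digest")
    return {"rsa_bits": bits, "signature": sig,
            "validity_days": days, "findings": findings}


if __name__ == "__main__":
    print(audit_cert_text(SAMPLE_TEXT))
```

To audit an installed certificate, pass the output of `openssl x509 -in <certificate file> -noout -text` to `audit_cert_text` in place of the constructed sample.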
Imported Document ID: TECH222450