Critical System Protection\Data Center Security Server Advanced Certificate FAQs
Last Updated March 05, 2015
Customers might ask the following questions about the security of the certificate used for communication.
Q. Does the CSP\DCSSA self-signed certificate use an RSA key that is shorter than 1024 bits? Such keys are considered weak because advances in available computing power decrease the time required to factor cryptographic keys.
Ans:- The self-signed certificate key generated during installation is 1024 bits.
Q. Does the CSP\DCSSA certificate use signature algorithms like MD2, MD4, or MD5, which are known to be vulnerable to collision attacks?
Ans:- The signature algorithm used for the CSP\DCSSA certificate is SHA-1 with RSA.
Q. What is the validity of the self-signed CSP\DCSSA certificate?
Ans:- The self-signed certificate is always valid for 10 years.
Q. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048 bits. Can we upgrade the CSP\DCSSA certificate to 2048 bits?
Ans:- If you are concerned about security, you can upgrade the current CSP\DCSSA certificate to a 2048-bit key. Please check this article for more details: http://www.symantec.com/docs/HOWTO77126
Please keep in mind that using a larger key might slow down the communication.
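As an added example (not Symantec's code and not part of the original article), the three properties this FAQ covers, key size, signature algorithm and validity period, can be checked from the text dump printed by `openssl x509 -noout -text`. The sample dump is a constructed excerpt that mirrors the answers above, the function name and finding codes are hypothetical, an RSA key is assumed, and the SHA-1 finding goes beyond the hashes the FAQ names.

```python
import re
from datetime import datetime

# Constructed excerpt of `openssl x509 -noout -text` output. The values mirror
# the FAQ answers: 1024-bit RSA key, SHA-1 with RSA, ten-year validity.
SAMPLE_TEXT = """\
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=mgmt-server.example
        Validity
            Not Before: Mar  5 00:00:00 2015 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=mgmt-server.example
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""

BROKEN_HASHES = ("md2", "md4", "md5")  # collision-prone hashes named in the FAQ
MIN_RSA_BITS = 2048                    # CA/B Forum minimum cited in the FAQ
DATE_FMT = "%b %d %H:%M:%S %Y GMT"     # date layout used in openssl's text dump

def audit_cert_text(text, min_bits=MIN_RSA_BITS):
    """Parse one certificate text dump (RSA assumed); return (facts, findings)."""
    fields = {
        "sig": r"Signature Algorithm:\s*(\S+)",
        "bits": r"Public[- ]Key:\s*\((\d+) bit\)",
        "start": r"Not Before\s*:\s*(.+)",
        "end": r"Not After\s*:\s*(.+)",
    }
    found = {name: re.search(rx, text) for name, rx in fields.items()}
    missing = [name for name, m in found.items() if m is None]
    if missing:
        raise ValueError("fields not found in dump: " + ", ".join(missing))
    sig = found["sig"].group(1)
    bits = int(found["bits"].group(1))
    start, end = (datetime.strptime(found[k].group(1).strip(), DATE_FMT) for k in ("start", "end"))
    facts = {"signature": sig, "rsa_bits": bits, "validity_days": (end - start).days}
    findings = []
    if bits < min_bits:
        findings.append("KEY_TOO_SHORT")
    if any(h in sig.lower() for h in BROKEN_HASHES):
        findings.append("BROKEN_HASH")
    elif "sha1" in sig.lower():
        # Added beyond the FAQ's list: SHA-1 is deprecated for certificate signatures.
        findings.append("DEPRECATED_HASH")
    return facts, findings
```

Running `audit_cert_text` again on the dump of the regenerated certificate confirms that the key-size finding is gone after the upgrade.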
Imported Document ID: TECH222450