[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Is CA issued certificate using OpenSSL as good as GoDaddy
Am Thu, 12 Mar 2015 19:04:26 +0000
schrieb jeevan kc <jeev_biz@hotmail.com>:
> I followed the below OpenLDAP guide to create CA issued certificate
> using OpenSSL and was able to enable SSL in the ldap server and
> applications can connect via ldaps:// port 636. Now I have some
> questions from the management where this certificate is as safe as
> the commercial certificates out there. Can someone clarify this? I
> would appreciate it.
[...]
It seems, the management has only restricted knowledge. Ask your
management what is considered a safe commercial certificate.
To my understanding, a safe Certification Authority (CA) is safe, as
long as the key is stored in an iron safe and not available to the
world, while the certificate (CA) has to be available to the world.
A X.509 (host or user) certificate, created according ITU-T X.509 and
signed with your CA, is secure, if it meets todays agreed security
measurements i.e.
- use a 2048 bit RSA or a 256 bit ECDSA private key
- secure the host and user private keys
- use elliptic curve cryptography for transport security
you may want to read
https://www.feistyduck.com/books/openssl-cookbook/
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E