Critical System Protection\Data Center Security Server Advanced Certificate FAQs


Article ID: 160842

Products

Critical System Protection, Data Center Security Server, Critical System Protection Client Edition, Data Center Security Server Advanced

Issue/Introduction

A customer might ask the following questions, from a security point of view, about the certificate used for communication.

Resolution

Q. Does the CSP\DCSSA self-signed certificate use an RSA key that is shorter than 1024 bits? Such keys are considered weak because advances in available computing power have decreased the time required to factor cryptographic keys.

Ans:- The self-signed certificate key generated during installation is 1024 bits.
 
 
Q. Does CSP\DCSSA certificate use signature algorithms like MD2, MD4, or MD5 which are known to be vulnerable to collision attacks?
Ans:- The signature algorithm used for CSP\DCSSA certificate is SHA-1 with RSA. 
 
Q. What is the validity of the Self-Signed CSP\DCSSA certificate?
Ans:- The self-signed certificate is always valid for 10 years.
 
Q. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048-bits. Can we upgrade CSP\DCSSA certificate to 2048-bits?
Ans:- If you are concerned about security, you can upgrade the current CSP\DCSSA certificate to a 2048-bit key. See this article for more details: http://www.symantec.com/docs/HOWTO77126
Keep in mind that using a larger key might slow down the communication.
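
An added example, not part of the original article or of the vendor's tooling: a Python check that parses the text printed by `openssl x509 -noout -text` and reports the three properties the answers above cover (key size, signature digest, validity period). The sample text, the function name and the finding names are constructed for illustration, and the separate SHA-1 finding is an added assumption noted in the code.

```python
import re
from datetime import datetime

# Constructed sample of `openssl x509 -noout -text` output (not a real
# CSP/DCSSA certificate); the values mirror the answers given in this FAQ.
SAMPLE = """\
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jan  1 00:00:00 2014 GMT
            Not After : Dec 30 00:00:00 2023 GMT
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""

FAQ_WEAK_DIGESTS = ("md2", "md4", "md5")  # digests named in the FAQ
MIN_RSA_BITS = 2048                       # CA/B Forum minimum quoted in the FAQ
DATE_FMT = "%b %d %H:%M:%S %Y GMT"        # date layout printed by openssl


def audit_cert_text(text, min_bits=MIN_RSA_BITS):
    """Extract key size, signature digest and validity; list weak settings."""
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text)
    bits = re.search(r"Public[- ]Key:\s*\((\d+) bit\)", text)
    start = re.search(r"Not Before\s*:\s*(.+)", text)
    end = re.search(r"Not After\s*:\s*(.+)", text)
    if not (sig and bits and start and end):
        raise ValueError("input is not recognisable 'openssl x509 -text' output")

    alg, key_bits = sig.group(1), int(bits.group(1))
    lifetime = (datetime.strptime(end.group(1).strip(), DATE_FMT)
                - datetime.strptime(start.group(1).strip(), DATE_FMT))

    findings = []
    if key_bits < min_bits:
        findings.append("key-below-minimum")
    if alg.lower().startswith(FAQ_WEAK_DIGESTS):
        findings.append("collision-prone-digest")
    elif alg.lower().startswith("sha1"):
        # Added assumption: SHA-1 is outside the FAQ's list but is also
        # deprecated for certificate signatures, so it is reported separately.
        findings.append("sha1-digest")
    return {"signature_algorithm": alg, "key_bits": key_bits,
            "validity_days": lifetime.days, "findings": findings}
```

Running the same check after the 2048-bit upgrade shows whether the new certificate is the one actually in use.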