The security of the certificates used by SCSP need to be increased from the default 1024-bit to 2048-bit, and agent compatability needs to be verified.
Support for 2048-bit keys was introduced in Openssl 0.9.7, and certificates of this type will therefore work with SCSP 5.2.4 and later. However, since SCSP 5.2.9, the keys will be generated with a SHA256 hash. This is not supported until Openssl 0.9.8. They will therefore not work on versions of SCSP prior to 5.2.6 in which Openssl 0.9.8n was introduced.
In order to create 2048-bit certificates on an SCSP 5.2.9 server to be compatible with SCSP 5.2.4 agents, you would need to add the following switch to the command lines mentioned below:
|SCSP Version||2048-bit cert support?||SHA256 support?||Default SHA version|