[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Is CA issued certificate using OpenSSL as good as GoDaddy

Am Thu, 12 Mar 2015 19:04:26 +0000
schrieb jeevan kc <jeev_biz@hotmail.com>:

> I followed the  below OpenLDAP guide to create CA issued certificate
> using OpenSSL and was able to enable SSL in the ldap server and
> applications can  connect via ldaps:// port 636. Now I have some
> questions from the management where this certificate is as safe as
> the commercial certificates out there. Can someone clarify this? I
> would appreciate it. 

It seems, the management has only  restricted knowledge. Ask your
management what is considered a safe commercial certificate.
To my understanding, a safe Certification Authority (CA) is safe, as
long as the key is stored in an iron safe and not available to the
world, while the certificate (CA) has to be available to the world.
A X.509 (host or user) certificate, created according ITU-T X.509 and
signed with your CA, is secure, if it meets todays agreed security
measurements i.e.

- use a 2048 bit RSA or a 256 bit ECDSA private key
- secure the host and user private keys 
- use elliptic curve cryptography for transport security

you may want to read 


Dieter Klünter | Systemberatung
GPG Key ID: E9ED159B