Elliptic Curve Cryptography (ECC) Certificates

Cryptography, the science of encrypting data and information, is the backbone of SSL. Every time you visit a website that is secured by an SSL certificate, your computer works with that website’s server to encrypt and then decipher all data sent over the connection. Without going into too much detail, this process relies on a specific algorithm: the one used to sign that website’s certificate.

The most commonly used signature algorithm is RSA (Rivest-Shamir-Adleman, named for the first people to work with it). The vast majority of SSL certificates are signed using RSA, which is incredibly difficult to break without the associated private key.

Although RSA is the industry standard signature algorithm, many system admins rightfully believe that one can never be too secure. Any SSL user who is not satisfied with the strength of RSA might be interested in a relatively newer cryptographic signature algorithm called Elliptic Curve Cryptography (ECC), which is thought to be significantly harder to break than RSA due to its discrete mathematical properties.

Overview of Elliptic Curve Cryptography (ECC)

The signature algorithm of Elliptic Curve Cryptography is based on the algebraic properties of elliptic curves. Because ECC uses a different, more complex algorithm, ECC private keys are generally much shorter in length than RSA keys, but are also considerably stronger. A 256-bit ECC key is equivalent in strength to a 3072-bit RSA key; for reference, the industry standard RSA key size is 2048 bits.

This difference in strength does not mean that the widely-used RSA algorithm is insecure or being phased out any time soon. ECC simply grants an even higher level of security than is standard, and often allows systems to complete their “handshakes” over a secured connection faster than usual because of the shorter key.

However, there are a few reasons why you might not want to switch to ECC just yet. It’s a newer algorithm, which means it hasn’t been as thoroughly tested for vulnerabilities as the tried-and-true RSA. There are also a number of browsers, servers, and devices that don’t support it and will not be able to create a secure connection with a website that uses an ECC certificate. Additionally, slower processors can take longer to decipher ECC-encrypted data because the algorithm is just that much more complicated than RSA.

How to Get an ECC Certificate

If you do decide that an ECC certificate is right for your domain, you’ll need to start by purchasing an SSL certificate that can use this algorithm. The Symantec Secure Site Pro is the only DigiCert product offered by The SSL Store that can utilize ECC at this time, but any Comodo product can be issued with ECC.

When you’re ready to generate your certificate, you’ll need to create an ECC Certificate Signing Request on your system. This should be something you enable during the CSR generation process on your server. Then all you have to do is finish the SSL process the same way it’s always done. After validation, the Certificate Authority will provide an ECC-signed certificate to you, ready to secure your domain.
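
As an added example (not part of the original article), here is one way to create an ECC CSR and check it before submitting it, assuming the server has the OpenSSL command line installed. The P-256 curve (matching the 256-bit key size mentioned above), `example.com`, the file names and the function names are illustrative assumptions.

```bash
#!/usr/bin/env bash
# Added example: create a P-256 private key and CSR with the OpenSSL CLI, then
# inspect the CSR before sending it to the CA. All names here are illustrative.

# make_ecc_csr DIR CN : writes DIR/ecc.key and DIR/ecc.csr
make_ecc_csr() {
    # Private key on NIST P-256 (OpenSSL calls it prime256v1); umask keeps the
    # key file readable by its owner only.
    ( umask 077
      openssl ecparam -name prime256v1 -genkey -noout -out "$1/ecc.key" ) || return 1
    # The CSR is signed with that key, so the CA sees ecdsa-with-SHA256.
    openssl req -new -sha256 -key "$1/ecc.key" -subj "/CN=$2" -out "$1/ecc.csr"
}

# csr_field CSR LABEL : prints the first value that follows "LABEL:" in the CSR text
csr_field() {
    openssl req -in "$1" -noout -text | sed -n "s/^ *$2: *//p" | head -n 1
}

# csr_signature_ok CSR : succeeds only if the CSR's self-signature verifies.
# Matches on the printed result rather than relying on the exit status alone.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# check_ecc_csr CSR : succeeds only for a P-256 EC request with a valid signature
check_ecc_csr() {
    [ "$(csr_field "$1" 'Public Key Algorithm')" = "id-ecPublicKey" ] &&
    [ "$(csr_field "$1" 'ASN1 OID')" = "prime256v1" ] &&
    csr_signature_ok "$1"
}

# Demo: ./ecc_csr.sh --demo   (example.com is a placeholder domain)
if [ "${1:-}" = "--demo" ]; then
    dir=$(mktemp -d)
    make_ecc_csr "$dir" "example.com" && check_ecc_csr "$dir/ecc.csr" &&
        echo "ECC CSR ready: $dir/ecc.csr"
fi
```

A CSR generated with an RSA key fails `check_ecc_csr`, which catches the case where the ECC option was not actually enabled during CSR generation.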
