Elliptic Curve Cryptography (ECC) Certificates

Cryptography, the science of encrypting data and information, is the backbone of SSL. Every time you visit a website that is secured by an SSL certificate, your computer works with that website’s server to encrypt and then decipher all data sent over the connection. Without going into too much detail, this process is made possible by the computation of a specific algorithm that is used to sign that website’s certificate.

The most commonly used signature algorithm is RSA (Rivest-Shamir-Adleman, named for the first people to work with it). The vast majority of SSL certificates are signed using the RSA algorithm, which is incredibly difficult to break without the associated private key.

Although RSA is the industry standard signature algorithm, many system admins rightfully believe that one can never be too secure. Any SSL user who is not satisfied with the strength of RSA might be interested in a relatively new cryptographic signature algorithm called Elliptic Curve Cryptography (ECC), which is thought to be significantly harder to break than RSA due to its discrete mathematical properties.

Overview of Elliptic Curve Cryptography (ECC)

The signature algorithm of Elliptic Curve Cryptography is based on the algebraic properties of elliptic curves. Because ECC uses a different, more complex algorithm, ECC private keys are generally much shorter than RSA keys, but are also considerably stronger. A 256-bit ECC key is equal in strength to a 3072-bit RSA key. For reference, the industry standard RSA key size is 2048 bits.

This difference in strength does not mean that the widely-used RSA algorithm is insecure or being phased out any time soon. ECC simply grants an even higher level of security than is standard, and often allows systems to complete their “handshakes” over a secured connection faster than usual because of the shorter key.

However, there are a few reasons why you might not want to switch to ECC just yet. It’s a newer algorithm, which means it hasn’t been as thoroughly tested for vulnerabilities as the tried-and-true RSA. There are also a number of browsers, servers, and devices that don’t support it and will not be able to create a secure connection with a website that uses an ECC certificate. Additionally, slower processors can take longer to decipher ECC-encrypted data because the algorithm is just that much more complicated than RSA.

How to Get an ECC Certificate

If you do decide that an ECC certificate is right for your domain, you’ll need to start by purchasing an SSL certificate that can use this algorithm. The Symantec Secure Site Pro is the only DigiCert product offered by The SSL Store that can utilize ECC at this time, but any Comodo product can be issued with ECC.

When you’re ready to generate your certificate, you’ll need to create an ECC Certificate Signing Request on your system. This is an option you select during the CSR generation process on your server. Then all you have to do is finish the SSL process the same way it’s always done. After validation, the Certificate Authority will provide an ECC signed certificate to you, ready to secure your domain.
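
One way to carry out the CSR step above and confirm the result before sending it to the Certificate Authority. This is an added example, not part of the original article: it assumes the OpenSSL command-line tool, the prime256v1 (P-256) curve for the 256-bit key, and the placeholder domain example.com; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: create a 256-bit ECC key and CSR, then check the CSR.
# Assumptions: OpenSSL CLI, curve prime256v1 (P-256), domain example.com.

# make_ecc_csr DOMAIN OUTDIR: writes OUTDIR/DOMAIN.key and OUTDIR/DOMAIN.csr
make_ecc_csr() {
    domain=$1; outdir=$2
    # Subshell so the restrictive umask applies only to the private key file.
    ( umask 077
      openssl ecparam -name prime256v1 -genkey -noout \
          -out "$outdir/$domain.key" ) || return 1
    openssl req -new -sha256 -key "$outdir/$domain.key" \
        -subj "/CN=$domain" -out "$outdir/$domain.csr" || return 1
}

# Print the public key algorithm recorded in a CSR (id-ecPublicKey for ECC).
csr_key_algorithm() {
    openssl req -in "$1" -noout -text |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# Print the public key size in bits recorded in a CSR.
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed only if the CSR's self-signature verifies and its key is an EC key.
# Matching the "verify OK" message avoids relying on the exit status alone.
check_ecc_csr() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    [ "$(csr_key_algorithm "$1")" = "id-ecPublicKey" ]
}

# Demo run in a throwaway directory (constructed input, not a real domain).
demo_dir=$(mktemp -d)
if make_ecc_csr example.com "$demo_dir" &&
   check_ecc_csr "$demo_dir/example.com.csr"; then
    echo "ECC CSR ready: $(csr_key_bits "$demo_dir/example.com.csr")-bit key"
else
    echo "CSR is missing, invalid, or not ECC" >&2
fi
rm -rf "$demo_dir"
```

Running the same check against a CSR produced with default server settings shows whether it was generated with RSA instead, in which case the algorithm prints as rsaEncryption and the check fails.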
