Digicert Algorithm Agility FAQ

Digicert Algorithm Agility Questions:

What is DSA?
What is ECC?
Why have you released these two new types of algorithms?
Which type of certificate will make my web server faster?
Are both ECC and DSA accepted by all browsers and devices?
What is my business reason for installing additional certificates?

Will adding or changing certificates save me any money in infrastructure costs?
Can I cover more than one server with the same certificate?
How do I install multiple certificates on a server?
How do I handle multiple certificates at renewal?
What if I need to replace a certificate?
What happens if I need to revoke a certificate?


Digicert Algorithm Agility Answers:

What is DSA?

The Digital Signature Algorithm (DSA) was developed by the United States government. A DSA signature is a pair of large numbers computed according to the specified algorithm, within parameters that enable the authentication of the signatory and, as a consequence, the integrity of the attached data. DSA is used both to generate digital signatures and to verify them. A DSA key pair will be the same size as an RSA key of equivalent security. The key size increases exponentially, the same way RSA's does (1024, 2048, 3072, 7680 bits).


What is ECC?

Elliptic Curve Cryptography (ECC) provides similar functionality to the RSA algorithm, but requires less computing power. ECC encryption systems are based on the idea of using points on a curve to define the public/private key pair. The ECC key pair size increases linearly, and is smaller than an RSA key of equivalent security (160, 224, 256, 384 bits).


Why have you released these two new types of algorithms?

We believe that our partners and customers should have expanded choice in choosing the right encryption methods for their businesses and needs. DSA and ECC have benefits over RSA in a number of scenarios, and making them available in our Enterprise and Digicert branded products at no extra charge ensures that we give our partners the optimum flexibility and differentiation to be successful in the marketplace.


Which type of certificate will make my web server faster?

There are many factors that can affect web server speed. Digicert offers three different kinds of algorithms so that our customers and partners can discover which certificate is the best option for their environment, or try out a combination in tandem.


Are both ECC and DSA accepted by all browsers and devices?

Not necessarily. While DSA is a requirement for dealing with certain government agencies, neither DSA nor ECC has the ubiquity of RSA in terms of client acceptance. For standard website transactions in the near future, RSA is and will likely remain the most used algorithm for SSL Certificates. If you choose to implement ECC and/or DSA, you will need to install the full intermediate chain as part of the implementation.


What is my business reason for installing additional certificates?

The usage of each certificate type may depend greatly on the type of transaction intended, reviewed against the capability of the client device in terms of computation, storage and speed. Factors to consider here include the processing power of the end device, storage space, bandwidth, power consumption, and algorithm ubiquity. For servers that allow you to install multiple certificates in tandem, there is no cost, no risk, and 100% coverage.


Will adding or changing certificates save me any money in infrastructure costs?

In testing, ECC has an improved server-side benefit of being able to accept more simultaneous handshakes compared to RSA. However, again, this must be weighed against what the client-side browsers, devices, or capabilities are.


Can I cover more than one server with the same certificate?

No. Each algorithm's certificate will be issued for the same server. One server can have more than one certificate loaded, but the alternative certificates only include one server license.


How do I install multiple certificates on a server?

Each server has its own installation methods and customization plans. Please review the instructions available in our knowledge base for how to install a certificate. As stated above, you will need to install the full intermediate chain of certificates.
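As one illustration of a tandem installation, the following is an added example and not taken from Digicert's knowledge base: an nginx server block that loads an RSA and an ECC certificate for the same host name, each with its full intermediate chain. It assumes nginx 1.11.0 or later (the first release that accepts more than one `ssl_certificate` directive); the host name and file paths are hypothetical, and DSA is not covered.

```nginx
# Added example: host name and file paths are hypothetical placeholders.
server {
    listen 443 ssl;
    server_name www.example.com;

    # RSA certificate, for the widest client acceptance.
    # Each *-fullchain.pem holds the server certificate first, followed by
    # every intermediate certificate in order, so that clients receive the
    # full intermediate chain during the handshake.
    ssl_certificate     /etc/nginx/tls/example-rsa-fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/example-rsa.key;

    # ECC certificate for the same host name, with its own intermediates.
    ssl_certificate     /etc/nginx/tls/example-ecc-fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/example-ecc.key;

    ssl_protocols TLSv1.2 TLSv1.3;

    # TLS 1.2 suites for both key types. With server preference on and the
    # ECDSA suites listed first, clients that support ECC are served the ECC
    # certificate; all other clients fall back to the RSA certificate.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
}
```

To confirm which certificate and chain a given client would receive, connect with a single suite pinned, for example `openssl s_client -connect www.example.com:443 -tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -showcerts`, and repeat with an `ECDHE-RSA` suite.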


How do I handle multiple certificates at renewal?

You renew your basic certificate in the usual fashion: authorization and authentication review, then issuance of the renewal certificate. After issuance, you will have the option to create one of these alternative certificates.


What if I need to replace a certificate?

You can replace the DSA and ECC certificates as usual.


What happens if I need to revoke a certificate?

DSA and ECC alternative SSL Certificates can be revoked independently of one another.
