lör 2006-04-15 klockan 10:07 -0700 skrev Discussion Lists:
> Obviously I would want different certificates for different domains.
> BUT would I want to have a different key for each certificate?
Lets put it this way: Normaly you have one key per certificate, and also
generate a new key each time the certificate is renewed, and there is no
reason not to.
I know of only a single situation where one would consider using the
same key for multiple certificates and it's if using an RSA accelerator
which can not handle multiple keys. But given the fact that even entry
level RSA accelerator chips for SSL doesn't have any practical
restrictions on the number of RSA keys I doubt you will run into such
situation..
Similarly I know of only one situation where one would like to keep the
same key on a certificate renewal and it's if the key is somehow
recorded into restricted hardware and not easy to change.
So while it is true that technically you can use the same key for all
certificates if you want to generally it's best to use unique keys per
certificate.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Mon May 01 2006 - 12:00:02 MDT