RE: [squid-users] Advice on private keys and SSL

From: Discussion Lists <discussions@dont-contact.us>
Date: Wed, 19 Apr 2006 14:37:54 -0700

That is exactly what I needed to know. Thank you very much!

> -----Original Message-----
> From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
> Sent: Saturday, April 15, 2006 1:11 PM
> To: Discussion Lists
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Advice on private keys and SSL
>
>
> Sat 2006-04-15 at 10:07 -0700, Discussion Lists wrote:
> > Obviously I would want different certificates for different domains.
> > BUT would I want to have a different key for each certificate?
>
> Let's put it this way: Normally you have one key per
> certificate, and also generate a new key each time the
> certificate is renewed, and there is no reason not to.
>
> I know of only a single situation where one would consider
> using the same key for multiple certificates and it's if
> using an RSA accelerator which cannot handle multiple keys.
> But given the fact that even entry level RSA accelerator
> chips for SSL don't have any practical restrictions on the
> number of RSA keys, I doubt you will run into such a situation.
>
> Similarly I know of only one situation where one would like
> to keep the same key on a certificate renewal and it's if the
> key is somehow recorded into restricted hardware and not easy
> to change.
>
> So while it is true that technically you can use the same key
> for all certificates if you want to, generally it's best to
> use unique keys per certificate.
>
> Regards
> Henrik
>
Received on Wed Apr 19 2006 - 15:37:59 MDT
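
Added example, not part of the original thread: a shell script using the openssl command line to audit a directory of PEM certificates for the key reuse discussed above, by comparing SHA-256 fingerprints of each certificate's public key. The function names, the *.example hostnames and the self-signed sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Two certificates were issued for the same private key exactly when their
# public keys (SubjectPublicKeyInfo) are identical, so compare SPKI hashes.

# Print the SHA-256 fingerprint of the public key in one PEM certificate.
spki_fp() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 \
        | awk '{print $NF}'
}

# List every key fingerprint used by more than one *.pem file in directory $1,
# followed by the certificates that share it.
shared_keys() {
    for c in "$1"/*.pem; do
        printf '%s %s\n' "$(spki_fp "$c")" "$(basename "$c")"
    done | sort | awk '
        { n[$1]++; files[$1] = files[$1] " " $2 }
        END { for (fp in n) if (n[fp] > 1) print fp ":" files[fp] }'
}

# Constructed sample data: a.example and b.example reuse one key, while
# c.example gets a freshly generated key (the practice the thread recommends).
make_sample() {
    d=$(mktemp -d)
    openssl genrsa -out "$d/shared.key" 2048 2>/dev/null
    for cn in a.example b.example; do
        openssl req -new -x509 -key "$d/shared.key" -subj "/CN=$cn" \
            -days 1 -out "$d/$cn.pem" 2>/dev/null
    done
    openssl req -new -x509 -newkey rsa:2048 -nodes \
        -keyout "$d/c.example.key" -subj "/CN=c.example" \
        -days 1 -out "$d/c.example.pem" 2>/dev/null
    echo "$d"
}

# Demo: only the two certificates built from shared.key are reported.
sample_dir=$(make_sample)
shared_keys "$sample_dir"
rm -rf "$sample_dir"
```

Running the same comparison before and after a renewal shows whether the renewed certificate received a new key or kept the old one.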
