Are there any disadvantages to using a 4096-bit encrypted SSL certificate?

Solution 1

If you are going to use Amazon CloudFront, they only support up to 2048-bit keys as of today.

Solution 2

If you have a 4096 bit SSL certificate, in order to support some clients (especially Java-based clients and some older clients) you will want to generate a 2048 bit or 1024 bit Diffie-Hellman Key and add it to your server certificate. However, if you support a 1024 bit DH key you should also be aware of the Logjam attack. You can accommodate these clients easily by adding a DH key of the appropriate size, but first carefully consider which clients you want to support.

Solution 3

Hi, sorry for answering a SOOO OLD thread, but the main point in "NOT" creating a 4096 cert is: your CA cert will be 2048, so creating a 4096 sub cert is pointless... when even having a 2049-bit-long cert will make an attacker attack your CA cert instead of yours.
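As an added example that is not part of any answer in this thread, the POSIX shell script below puts Solution 2 and Solution 3 into a checkable form with `openssl`. It builds a throwaway chain (a 2048-bit CA signing a 4096-bit leaf), then lists the public-key size of every certificate in the chain and reports the smallest one, which is the size an attacker actually has to break; a `dh_bits` helper does the same for a Diffie-Hellman parameter file so a Logjam-weak 1024-bit group can be spotted. It assumes `openssl` is on `PATH`; the names `Demo CA` and `demo.example` are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread: build a throwaway chain with a 2048-bit
# CA and a 4096-bit leaf, then report the smallest RSA modulus in the chain.
# Assumes: `openssl` on PATH. "Demo CA" and demo.example are constructed names.
set -eu

WORK="${TMPDIR:-/tmp}/keysize-demo.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# make_chain DIR CA_BITS LEAF_BITS: write ca.pem, leaf.pem and chain.pem (leaf
# first, then issuer, the order a server sends them) into DIR.
make_chain() {
  dir=$1; ca_bits=$2; leaf_bits=$3
  openssl req -x509 -newkey "rsa:$ca_bits" -nodes -days 2 \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" -subj "/CN=Demo CA" 2>/dev/null
  openssl req -new -newkey "rsa:$leaf_bits" -nodes \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" -subj "/CN=demo.example" 2>/dev/null
  openssl x509 -req -days 1 -in "$dir/leaf.csr" \
    -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
    -out "$dir/leaf.pem" 2>/dev/null
  cat "$dir/leaf.pem" "$dir/ca.pem" > "$dir/chain.pem"
}

# key_bits BUNDLE: print the public-key size of every certificate in a PEM
# bundle, one per line, in bundle order. The crl2pkcs7 | pkcs7 pair is the
# standard trick for getting `-text` output for *every* cert, not just the first.
key_bits() {
  openssl crl2pkcs7 -nocrl -certfile "$1" \
    | openssl pkcs7 -print_certs -text -noout \
    | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# chain_min_key_bits BUNDLE: the weakest key in the chain, which is the one an
# attacker would go after (Solution 3's point).
chain_min_key_bits() {
  key_bits "$1" | sort -n | head -n 1
}

# dh_bits FILE: size of the group in a Diffie-Hellman parameter file, for the
# Logjam point in Solution 2 (anything below 2048 is weak). Generating such a
# file (`openssl dhparam -out dh2048.pem 2048`) is slow, so it is not done here.
dh_bits() {
  openssl dhparam -in "$1" -text -noout \
    | sed -n 's/.*(\([0-9]*\) bit).*/\1/p' | head -n 1
}

make_chain "$WORK" 2048 4096
echo "key sizes, leaf first: $(key_bits "$WORK/chain.pem" | tr '\n' ' ')"
echo "weakest key in chain:  $(chain_min_key_bits "$WORK/chain.pem") bits"
```

Run it against your own deployed bundle with `key_bits /path/to/fullchain.pem` (or `dh_bits /path/to/dhparams.pem`): if the smallest number printed for the chain is 2048, a 4096-bit leaf is buying nothing against an attacker who would rather factor the issuer's key.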

Author: cwd

Updated on July 09, 2022

Comments

  • cwd, almost 2 years ago

    I was recently requesting an SSL cert via GoDaddy and noticed this message:

    Make sure the CSR you generate uses a 2048-bit or greater key length

    In the past I have always generated 2048-bit CSR requests, but this time it got me thinking that perhaps I should "step it up," and it seems like the next step would be a 4096-bit version.

    There isn't much info available on 4096-bit SSL certs - but apparently many people have been using 1024-bit certificates until they absolutely had to upgrade and now some browsers won't support the 1024-bit certificates anymore.

    How is browser support for 4096-bit certificates? If GoDaddy requires "at least" a 2048-bit certificate, is that enough, or should I try and do something more? If so, what are the advantages and disadvantages?

    PS: the two links in GoDaddy's message are CSR Help and Learn more, neither of which I found very helpful.