LinuxQuestions.org
Old 08-09-2011, 03:42 PM   #1
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,056

Rep: Reputation: 78
Creating a CSR in the modern era


I've only done this once or twice before, but I'm about to generate a certificate signing request (CSR) so I can install an SSL cert on my domain. I know there are plenty of tutorials out there for this, but a lot of the ones I've seen are quite old, like this one at verisign.com that is from 2007:
https://knowledge.verisign.com/suppo...SLINK&id=AR198

I'm wondering a couple of things in particular:
* is des3 the current best practice?
* is 2048 bits enough?
* what's the best way to handle the passphrase issue: create key pair without passphrase? or remove the passphrase later (I forget how this is done). Obviously, I would like to follow security best practices.
 
Old 08-10-2011, 06:32 AM   #2
timur91
Member
 
Registered: Aug 2011
Posts: 42

Rep: Reputation: Disabled
For better security it's best to use des3, but the common practice is to use RSA keys.
Yes, 2048-bit keys are what is used most of the time.
It does not matter when you remove the passphrase. If you leave the key as it is, you will be asked to enter it whenever you want to use it.

Last edited by timur91; 01-05-2012 at 05:26 AM.
 
1 members found this post helpful.
Old 08-10-2011, 02:10 PM   #3
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,056

Original Poster
Rep: Reputation: 78
Thanks for your response.

I was wondering if having a passphrase in my key would cause problems for the Certificate Authority when they receive my CSR -- i.e., would *they* be prompted for the passphrase. Or, alternatively, would the cert that they issue require a passphrase if I am to use it with Apache?

I noticed that when I create a CSR I am prompted for the passphrase, so my guess is that it will not. I'm now wondering: is it safe to email a certificate signing request to someone? What risk, if any, is introduced if someone obtains a copy of my CSR?
 
Old 08-10-2011, 02:22 PM   #4
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Just to be clear, DES3 (in the example you cited) is used to encrypt the private key itself. If you do so, you'll always need to provide a key (passphrase) when accessing it. Even when you reboot your server. Not practical.

Yes, it's safe to email a CSR, and assume it will be intercepted. It is not safe to email your private key, transfer it clear text in any fashion, or store it unencrypted in a questionable location.
 
1 members found this post helpful.
Old 08-11-2011, 07:50 AM   #5
salemeni
Member
 
Registered: Aug 2011
Posts: 64

Rep: Reputation: Disabled
Quote:
Originally Posted by sneakyimp View Post
Thanks for your response.

I was wondering if having a passphrase in my key would cause problems for the Certificate Authority when they receive my CSR -- i.e., would *they* be prompted for the passphrase. Or, alternatively, would the cert that they issue require a passphrase if I am to use it with Apache?

I noticed that when I create a CSR that I am prompted for the passphrase so my guess is that it will not. I'm now wondering is it safe to email a certificate signing request to someone? What risk, if any, is introduced if someone obtains a copy of my CSR?
The CSR contains public information (public key + info like CN, O, OU); it's safe to send it by mail.
But the private key must be kept securely.

Last edited by salemeni; 12-06-2011 at 02:57 AM.
 
1 members found this post helpful.
Old 08-11-2011, 09:18 AM   #6
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,056

Original Poster
Rep: Reputation: 78
Thanks for the response.

What about DES3? I understand from searching around that DES has been superseded by AES and that DES3 is more or less a band-aid on DES. If I were to prefer AES, I see that openssl has numerous options:
Code:
Cipher commands (see the `enc' command for more details)
aes-128-cbc    aes-128-ecb    aes-192-cbc    aes-192-ecb    aes-256-cbc    
aes-256-ecb    base64         bf             bf-cbc         bf-cfb         
bf-ecb         bf-ofb         cast           cast-cbc       cast5-cbc      
cast5-cfb      cast5-ecb      cast5-ofb      des            des-cbc        
des-cfb        des-ecb        des-ede        des-ede-cbc    des-ede-cfb    
des-ede-ofb    des-ede3       des-ede3-cbc   des-ede3-cfb   des-ede3-ofb   
des-ofb        des3           desx           rc2            rc2-40-cbc     
rc2-64-cbc     rc2-cbc        rc2-cfb        rc2-ecb        rc2-ofb        
rc4            rc4-40
Which ones are stronger? Are any subject to US Export restrictions?
 
Old 08-11-2011, 12:03 PM   #7
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
You might want to look at startssl.com. If you own the domain, you can get a free SSL cert that the browser will actually recognize without issuing warnings.
 
Old 08-11-2011, 01:51 PM   #8
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by sneakyimp
What about DES3? I understand from searching around that DES has been superseded by AES and that DES3 is more or less a band-aid on DES. If I were to prefer AES, I see that openssl has numerous options...
Sure, but it's a big, powerful band-aid.

Anyway, as symmetric ciphers go, AES is generally to be preferred. But this is something of a moot point if you're not going to be encrypting your private key.

If you do want to encrypt your private key for the purpose of backups (for instance), then you can use gpg(1)* or openssl's enc(1) with AES. Read this blog entry if you're so inclined.

-------

* Before anyone asks, yes - gpg(1) does support symmetric encryption.

Last edited by anomie; 08-11-2011 at 01:52 PM.
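As an added worked example (not posted by anyone in this thread), the following script ties together anomie's two points: the key is generated without a passphrase so Apache can start unattended, the CSR is checked to contain nothing but public material before it is mailed to the CA, and a separate AES-256-encrypted copy of the key is made for backup and decrypted again. The subject, file names and passphrase are constructed placeholders; it assumes a standard `openssl` binary is on the PATH.

```shell
#!/bin/sh
# Added example: key + CSR generation, CSR sanity checks, and adding/removing a
# passphrase on a backup copy of the key. All names below are constructed.
set -eu

WORK="${WORK:-$(mktemp -d)}"
SUBJ="/C=US/ST=Example/L=Example/O=Example Org/CN=www.example.com"  # constructed
PASS="backup-passphrase-placeholder"                                 # constructed

# 1. Unencrypted 2048-bit RSA key (no -des3): Apache can read it at boot
#    without a prompt. Restrict the file mode; this is the secret.
gen_key_and_csr() {
    openssl genrsa -out "$WORK/server.key" 2048 2>/dev/null
    chmod 600 "$WORK/server.key"
    openssl req -new -key "$WORK/server.key" -subj "$SUBJ" -out "$WORK/server.csr"
}

# 2. Returns 0 if the CSR's self-signature verifies, it carries no private-key
#    block, and its embedded public key matches the one derived from server.key.
#    Only then is it the public-only artefact that is safe to email to the CA.
csr_is_public_only() {
    openssl req -in "$WORK/server.csr" -noout -verify >/dev/null 2>&1 || return 1
    grep -q "PRIVATE KEY" "$WORK/server.csr" && return 1
    csr_pub=$(openssl req -in "$WORK/server.csr" -noout -pubkey)
    key_pub=$(openssl rsa -in "$WORK/server.key" -pubout 2>/dev/null)
    [ "$csr_pub" = "$key_pub" ]
}

# Reports the modulus size actually present in the key file ("2048" expected).
key_bits() {
    openssl rsa -in "$WORK/server.key" -noout -text 2>/dev/null \
        | grep -o '[0-9]* bit' | head -n1 | cut -d' ' -f1
}

# 3. Passphrase-protected copy for backups, using AES-256 instead of des3.
#    The header of the output marks it as ENCRYPTED in both PEM formats.
encrypt_key_copy() {
    openssl rsa -in "$WORK/server.key" -aes256 -passout "pass:$PASS" \
        -out "$WORK/server.key.enc" 2>/dev/null
    grep -q ENCRYPTED "$WORK/server.key.enc"
}

# 4. Removing the passphrase again (openssl rsa with -passin and no cipher
#    flag), which yields a plain key usable by the web server.
decrypt_key_copy() {
    openssl rsa -in "$WORK/server.key.enc" -passin "pass:$PASS" \
        -out "$WORK/server.key.plain" 2>/dev/null
    ! grep -q ENCRYPTED "$WORK/server.key.plain"
}
```

Run the functions in order; `csr_is_public_only` is the check to apply to any CSR before it leaves the machine, and the `.enc` file is the only form of the key that should ever be copied off the host.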
 