Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
489
Views
0
Helpful
2
Replies

ACE SSL Key & Certificate rules

Go to solution
new_networker
Level 1
Level 1

‎10-22-2008 10:49 AM

hi,

- Is it necessary that every CSR (different common names) use/generate a unique key or a single key can be used for multiple CSRs (i.e. different common names).

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Syed Iftekhar Ahmed
Level 8
Level 8

‎10-22-2008 11:25 AM

I dont see why it shouldn't work but its definitely not recommended and is not a good idea.

From Carlisle Adams' PKI book, recommending against putting the same key

in multiple certs:

"It is too easy to "slip up" and not hold all other important aspects of

these multiple certificates constant. [...] If a single public key is

contained in multiple certificates and the private key is compromised (or

other circumstances occur that require revocation), it must be "remembered"

(or discovered) which certificates contain this key so that they may all be

revoked. [...] Having the same public key in multiple certificates can

complicate the administrative processes involved in certificate management."

http://www.amazon.com/exec/obidos/ASIN/0672323915/104-7451273-2110334

Syed Iftekhar Ahmed

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Syed Iftekhar Ahmed
Level 8
Level 8

‎10-22-2008 11:25 AM

I dont see why it shouldn't work but its definitely not recommended and is not a good idea.

From Carlisle Adams' PKI book, recommending against putting the same key

in multiple certs:

"It is too easy to "slip up" and not hold all other important aspects of

these multiple certificates constant. [...] If a single public key is

contained in multiple certificates and the private key is compromised (or

other circumstances occur that require revocation), it must be "remembered"

(or discovered) which certificates contain this key so that they may all be

revoked. [...] Having the same public key in multiple certificates can

complicate the administrative processes involved in certificate management."

http://www.amazon.com/exec/obidos/ASIN/0672323915/104-7451273-2110334

Syed Iftekhar Ahmed

0 Helpful

Go to solution
dan.stith
Level 1
Level 1

‎11-05-2008 10:15 AM

Always use a unique key per CSR. while it it technically possible the prior poster gave many of the reasons why it is a bad idea and there are many others. Just assume a key pair is unique to a CSR.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card