Global Certificate on CSS 11503

glenngriffin
Level 1

Hi

I am planning to enable HTTPS for a few web servers behind a CSS 11503. I have tested the functionality with the trial cert and everything works as desired.

Now I need to buy a certificate from Verisign to make it work in production.

At Verisign they offer two different certs: Secure Site (40-bit encryption) and Secure Site Pro (128-bit encryption).

1. Is this 128-bit cert a "global cert"? And do I need to concatenate the "intermediate cert" and "server cert" to make it work?

2. If all my users are in the USA, does it make sense to buy this 128-bit certificate?

3. The Verisign website also asks for "Server Platform", and Cisco is not mentioned as an option (I can see other LBs such as F5 in the list). What should I select for the server platform when I am requesting it for the CSS 11503? (I have generated the CSR on the CSS 11503.)

Thanks in advance

Glenn

3 Replies

Gilles Dufour
Cisco Employee

Here is the answer to your questions.

1. You need to check with Verisign.

2. 40-bit encryption is not considered secure nowadays, so I would suggest 128 bits.

3. Select Apache as the platform type.

Gilles.

Thanks for rating.

1. The guy who picked up the phone at Verisign had no clue. The Verisign website says the following:

Secure Site Certificate (40-bit minimum) - SSL Certificates without SGC

To install your SSL Certificate, go to the instructions below for your server software. If your server is not listed or you need additional information, refer to your server documentation or contact your server vendor.

Secure Site Pro Certificate (128-bit minimum) - SSL Certificates with SGC

If you are installing an SSL Certificate with SGC, you need to copy an Intermediate CA Certificate before proceeding to the installation instructions for your server software.

2. My understanding was that 40-bit is the minimum encryption level and only old browsers (exported ones) will use 40/56-bit ciphers. Otherwise, even with a 40-bit certificate, the new browsers will establish a 128-bit session.

Verisign says about their 40-bit certificate:

"40-Bit to 256-Bit SSL Encryption Non-SGC SSL Certificates provide a minimum of 40-bit and up to 256-bit SSL encryption. Site visitors using certain older browsers and many Windows 2000 users will only receive 40- or 56-bit encryption unless they’re connecting to an SGC-enabled SSL Certificate"

I found a document on the net in favor of buying 40-bit certs.

http://www.whichssl.com/myths_about_sgc.html

Gilles, I am a bit confused here. Need HELP :)

I'm going to check with one of our experts on certificates and get back to you ASAP.

I didn't know we could do 128-bit encryption with a 40-bit certificate.

Thanks,

Gilles.
