What is ECC (Elliptic Curve Cryptography)?
Elliptic Curve Cryptography (ECC) is an algorithm which can be used as an alternative for RSA (RSA is currently the most used algorithm for SSL). ECC keys are harder to crack compared to RSA keys, which in return makes them safer. ECC keys are shorter than RSA keys (in comparison; An ECC key consisting of 224 bit is equal to a RSA key of 2048 bit). Due to the ECC keys being smaller the secure connection can be established much faster, less bandwidth is also used. Modern browsers are more than capable of running ECC certificates, both desktops/laptops and mobile devices. Due to the ECC keys using less physical space the CPU demand and power consumption on servers are lower.
Requesting an ECC SSL certificate
By default every Certificate_Authority (CA) issues certificates with RSA keys. Sectgio (Comodo) also issues ECC certificates. To request an ECC certificate from Comodo, you will need to use an ECC CSR while requesting the certificate.
Symantec also offers some ECC options. When ordering Symantec Pro certificates, an ECC certificate will be issued alongside the RSA certificate. The following products come with an ECC certificate:
- Secure Site Pro
- Secure Site Pro EV
There are currently two manuals available that show you how to generate an ECC CSR. This can be done in the MMC or by using OpenSSL.
Because of the obvious advantages, we expect that more CA's will soon start issuing ECC certificates.
What are the minimum requirements for clients?
|Browser||Minimum version required|
|Google Chrome||1.0 on ECC compatible OS|
|Microsoft IE||7 on ECC compatible OS|
|Microsoft Edge||All versions|
|Apple Safari||4 on ECC compatible OS|
|Microsoft Windows||Vista, 7, 8 & 10|
|Apple OS||OS X 10.6|
|Red Hat Enterprise Linux||6.0|
|Apache HTTP server||2.2.26|
|IBM HTTP Server||8.0 w/ PM80235|
|Sun Java System Web Server||7.0|
Call us +31 88 775 775 0
Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues