ECC

What is ECC (Elliptic Curve Cryptography)?

Elliptic Curve Cryptography (ECC) is an algorithm which can be used as an alternative for RSA (RSA is currently the most used algorithm for SSL). ECC keys are harder to crack compared to RSA keys, which in return makes them safer. ECC keys are shorter than RSA keys (in comparison; An ECC key consisting of 224 bit is equal to a RSA key of 2048 bit). Due to the ECC keys being smaller the secure connection can be established much faster, less bandwidth is also used. Modern browsers are more than capable of running ECC certificates, both desktops/laptops and mobile devices. Due to the ECC keys using less physical space the CPU demand and power consumption on servers are lower.

Requesting an ECC SSL certificate

By default every Certificate_Authority (CA) issues certificates with RSA keys. Comodo also issues ECC certificates. To request an ECC certificate from Comodo, you will need to use an ECC CSR while requesting the certificate.

Symantec also offers some ECC options.  When ordering Symantec Pro certificates, an ECC certificate will be issued alongside the RSA certificate. The following products come with an ECC certificate:

  • Secure Site Pro
  • Secure Site Pro EV

Order SSL certificate

There are currently two manuals available that show you how to generate an ECC CSR. This can be done in the MMC or by using OpenSSL.

Because of the obvious advantages, we expect that more CA's will soon start issuing ECC certificates.

What are the minimum requirements for clients?

Browser Minimum version required
Mozilla Firefox
2.0
Google Chrome 1.0 on ECC compatible OS
Microsoft IE 7 on ECC compatible OS
Microsoft Edge All versions
Apple Safari 4 on ECC compatible OS
Operating System
Microsoft Windows Vista, 7, 8 & 10
Apple OS OS X 10.6
Google Android 4.0
Red Hat Enterprise Linux 6.0
Server
Apache HTTP server 2.2.26
Nginx 1.1.0
Windows Server 2008
Apache Tomcat 1.1.30
Dovecot 2.2.5
IBM HTTP Server 8.0 w/ PM80235
Sun Java System Web Server 7.0

SSLCheck

Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues