3

Well, how do I make a client SSL certificate that doesn't need an (external) certification authority?

Is there a way to use elliptic curves for that, and is there any benefit in doing so?

What should I do to use it on a server? How do I make a server accept the certificate? How does a server know which user has logged in?

3
  • Have you tried searching that out? Perhaps this would be helpful: techlx.blogspot.com/2010/05/… It was the #6 result when I searched. (This question right here was #5) Commented Mar 5, 2013 at 22:06
  • I tried. If I search for "self-signed client SSL certificate", the word "client" is simply ignored. >This question right here was #5< - wow, that fast? Commented Mar 5, 2013 at 22:32
  • Still no detailed answer? Commented Apr 6, 2013 at 18:56

1 Answer

2

A self-signed client certificate for SSL is just a self-signed certificate with a key suitable for signatures. Just about any self-signed certificate will do, as long as you do not explicitly restrict it to encryption (i.e. don't insist on including a Key Usage extension, and you'll be fine).

Elliptic curves are massively spiffy. But not everybody supports them yet. Advantages of elliptic curves are that they yield shorter public keys and smaller and faster signatures than RSA. Not that it matters much anyway (as a human being, you cannot make the difference between 50 and 1000 µs). More importantly, using elliptic curves confers early adopter status. It is the cryptographic equivalent of buying a red sports car.

1
  • >as a human being, you cannot make the difference between 50 and 1000 µs< - try running openssl speed on your desktop and consider that there are weaker devices like DSL routers. ECC is faster in anything excluding verifying signatures - that's why I asked. Commented Mar 5, 2013 at 23:29
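
The question also asks how a server accepts such a certificate and identifies the user. The following is an added example, not part of the original question or answer, written in Go because its standard library covers both sides: it creates a self-signed ECDSA P-256 client certificate with no Key Usage extension, as the answer describes, and builds the client-authentication part of a server `tls.Config` that pins enrolled certificates by SHA-256 fingerprint. The function names and the `enrolled` table are assumptions of this example.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewClientCert self-signs an ECDSA P-256 certificate with no Key Usage extension.
func NewClientCert(user string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{ // used as its own parent below, hence self-signed
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: user},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().AddDate(1, 0, 0),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, err
}

// ClientAuthConfig pins client certificates by SHA-256 of their DER; no CA is consulted.
func ClientAuthConfig(enrolled map[[32]byte]string) *tls.Config { // hypothetical table
	return &tls.Config{
		ClientAuth: tls.RequireAnyClientCert, // the caller still adds the server's own Certificates
		VerifyPeerCertificate: func(raw [][]byte, _ [][]*x509.Certificate) error {
			if _, ok := enrolled[sha256.Sum256(raw[0])]; !ok {
				return fmt.Errorf("client certificate is not enrolled")
			}
			return nil
		},
	}
}

func main() {
	c, err := NewClientCert("alice")
	if err != nil {
		panic(err)
	}
	fmt.Printf("enroll alice under %x\n", sha256.Sum256(c.Certificate[0]))
}
```

After the handshake, looking up `sha256.Sum256(conn.ConnectionState().PeerCertificates[0].Raw)` in the same table gives the logged-in user. The subject name inside a self-signed certificate is chosen by whoever created it, so the server should identify the user by the enrolled fingerprint rather than by that name.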
