Ref: http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#keysize
In Apache 2.2.11, as far as I tested, the use of 2048 bit server certificate is supported. [bhu...@cu062 CERTS]$ openssl rsa -noout -text -in server2048.key|grep key -i Private-Key: (2048 bit) However the following FAQ item is misleading. ------------------------------------------------------------- Why does my 2048-bit private key not work? The private key sizes for SSL must be either 512 or 1024 bits, for compatibility with certain web browsers. A keysize of 1024 bits is recommended because keys larger than 1024 bits are incompatible with some versions of Netscape Navigator and Microsoft Internet Explorer, and with other browsers that use RSA's BSAFE cryptography toolkit. ------------------------------------------------------------- Either the FAQ item should be removed, or fixed as follows: ------------------------------------------------------------- May I use 2048-bit private key? Yes, you can use 2048-bit private key. However, the keysize of 1024 bits is recommended. because keys larger than 1024 bits are incompatible with some versions of Netscape Navigator and Microsoft Internet Explorer, and with other browsers that use RSA's BSAFE cryptography toolkit. ------------------------------------------------------------- Thank you. -- Regards, Bhuvaneswaran A www.livecipher.com --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
