Login
    Contents x
    ASP Certificate Options and Requirements
    • 21 Oct 2024
    • 1 Minute to read
    • Dark
      Light
    Contents

    ASP Certificate Options and Requirements

    • Updated on 21 Oct 2024
    • 1 Minute to read
    • Dark
      Light
    Article summary

    Every ASP needs to have an ASP public/private key pair with an associated certificate or certificate chain. The ASP can generate the key pair and the certificates, or purchase them from a verified third-party certification authority (CA), such as VeriSign, GlobalSign, Comodo, or DigiCert.

    ASPs that intend to generate the key pairs and the certificates themselves can choose from the following options:

    Requirements for ASP key pairs and certificates

    The ASP certificates must meet the following requirements:

    • The key pairs and the certificates should use either the RSA PKCS #1 v1.5 or the RSA PSS digital signing algorithm. OneSpan recommends the RSA PSS digital signing algorithm.

    • All key pairs should have a key length of at least 2048 bits.

    • All certificates should use one of these hash functions:

      • SHA-256

      • SHA-384

      • SHA-512

    • The lifetime of the ASP leaf certificate should not be longer than five years.

    • The lifetime of the ASP root certificate and the intermediate certificate should not be longer than ten years.

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, our interactive help assistant