ASP Certificate Options and Requirements
  • 14 Oct 2024
  • 1 Minute to read
  • Dark
    Light
  • PDF

ASP Certificate Options and Requirements

  • Dark
    Light
  • PDF

Article summary

Every ASP needs to have an ASP public/private key pair with an associated certificate or certificate chain. The ASP can generate the key pair and the certificates, or purchase them from a verified third-party certification authority (CA), such as VeriSign, GlobalSign, Comodo, or DigiCert.

ASPs that intend to generate the key pairs and the certificates themselves can choose from the following options:

Requirements for ASP key pairs and certificates

The ASP certificates must meet the following requirements:

  • The key pairs and the certificates should use either the RSA PKCS #1 v1.5 or the RSA PSS digital signing algorithm. OneSpan recommends the RSA PSS digital signing algorithm.

  • All key pairs should have a key length of at least 2048 bits.

  • All certificates should use one of these hash functions:

    • SHA-256

    • SHA-384

    • SHA-512

  • The lifetime of the ASP leaf certificate should not be longer than five years.

  • The lifetime of the ASP root certificate and the intermediate certificate should not be longer than ten years.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Ozzy, our interactive help assistant