- 14 Oct 2024
- 1 Minute to read
- DarkLight
- PDF
ASP Certificate Options and Requirements
- Updated on 14 Oct 2024
- 1 Minute to read
- DarkLight
- PDF
Every ASP needs to have an ASP public/private key pair with an associated certificate or certificate chain. The ASP can generate the key pair and the certificates, or purchase them from a verified third-party certification authority (CA), such as VeriSign, GlobalSign, Comodo, or DigiCert.
ASPs that intend to generate the key pairs and the certificates themselves can choose from the following options:
Requirements for ASP key pairs and certificates
The ASP certificates must meet the following requirements:
The key pairs and the certificates should use either the RSA PKCS #1 v1.5 or the RSA PSS digital signing algorithm. OneSpan recommends the RSA PSS digital signing algorithm.
All key pairs should have a key length of at least 2048 bits.
All certificates should use one of these hash functions:
SHA-256
SHA-384
SHA-512
The lifetime of the ASP leaf certificate should not be longer than five years.
The lifetime of the ASP root certificate and the intermediate certificate should not be longer than ten years.