Updated on September 15, 2020: Currently, when using ECC SSL, your website may not be accessible on Firefox. The upcoming LiteSpeed Webserver 6.0 will support the use of both SSL certificates at the same time. AZDIGI will make an announcement when this feature is supported.
SSL certificates are familiar to almost all website owners. An SSL certificate helps a website that supports the HTTPS protocol become more secure by encrypting the data sent between the website and the web browser.
Before going into the details, AZDIGI would like to introduce a video explaining how HTTPS and SSL/TLS work in a very easy-to-understand and intuitive way.
Today, data is typically encrypted and decrypted with the RSA algorithm, but a newer algorithm with more advantages for encryption and decryption has emerged: ECC (Elliptic Curve Cryptography).
An ECC SSL certificate is the same as a regular SSL certificate using the RSA algorithm, but it uses ECC in the Diffie-Hellman key exchange and ECDSA as the digital signature algorithm on the certificate.
Why is ECC SSL better than RSA?
Of course, if ECC wasn’t better than RSA, we wouldn’t have an introductory article about it here. In short, the biggest advantage of certificates using ECC is that the key is shorter and smaller than an RSA key at the same level of security.
For ease of understanding, you can refer to the key length comparison table between ECC and RSA below.
| Symmetric Key Size / Security Level (bits) | RSA and DSA Key Size (bits) | ECC Key Size (bits) |
|---|---|---|
| 80 | 1024 | 160 |
| 112 | 2048 | 224 |
| 128 | 3072 | 256 |
| 192 | 7680 | 384 |
| 256 | 15360 | 512 |
Normally, when generating a private key for an SSL certificate, we use RSA with a length of 2048 bits. With ECC, the same level of security (equivalent to a 112-bit symmetric key) needs a private key of only 224 bits.
This makes the encryption/decryption process faster and consumes fewer resources than RSA, thereby reducing the load on both the server and the client when encrypting information.
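The sizes in the table can be reproduced from attack-cost estimates. The following is an added example, not part of the original article: it assumes the general number field sieve estimate from FIPS 140-2 Implementation Guidance 7.5 for RSA and the n/2 cost of Pollard's rho for an n-bit curve, and all function names are illustrative.

```python
import math

# Rows of the article's table: (security level, RSA/DSA bits, ECC bits).
PAGE_TABLE = [(80, 1024, 160), (112, 2048, 224), (128, 3072, 256),
              (192, 7680, 384), (256, 15360, 512)]

def rsa_strength(modulus_bits):
    """Estimated security (bits) of an RSA modulus against the general
    number field sieve; formula from FIPS 140-2 Implementation Guidance 7.5."""
    n = modulus_bits * math.log(2)          # natural log of the modulus
    work = 1.923 * n ** (1 / 3) * math.log(n) ** (2 / 3) - 4.69
    return work / math.log(2)               # natural-log work factor -> bits

def ecc_strength(key_bits):
    """Generic attacks on an n-bit curve (Pollard's rho) cost about 2^(n/2)."""
    return key_bits / 2

def rsa_bits_for(target_bits, step=256):
    """Smallest RSA modulus size (multiple of `step`) reaching target_bits."""
    bits = step
    while rsa_strength(bits) < target_bits:
        bits += step
    return bits

def compare(table=PAGE_TABLE):
    """Return (level, rsa_bits, rsa_estimate, ecc_bits, ecc_estimate) rows."""
    return [(level, rsa, rsa_strength(rsa), ecc, ecc_strength(ecc))
            for level, rsa, ecc in table]

if __name__ == "__main__":
    print(f"{'level':>5} {'RSA':>6} {'est.':>6} {'ECC':>5} {'est.':>6}")
    for level, rsa, rsa_est, ecc, ecc_est in compare():
        print(f"{level:>5} {rsa:>6} {rsa_est:>6.1f} {ecc:>5} {ecc_est:>6.1f}")
    # RSA size needed to match a 256-bit and a 384-bit EC key.
    for ecc in (256, 384):
        print(f"EC {ecc} bits ~ RSA {rsa_bits_for(ecc_strength(ecc))} bits")
```

Run as a script, it prints RSA estimates of roughly 80, 110, 132, 196 and 263 bits next to the exact n/2 values for ECC, so the levels in the table are nominal figures for RSA and exact halves for ECC.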
LiteSpeed Webserver supports ECC SSL
Since version 5.4.8, LiteSpeed has started supporting ECC SSL certificates and it also allows a website to use both RSA and ECC certificates interchangeably. That is, if the visitor’s machine uses a browser that supports ECC SSL, it will use this certificate, and use regular SSL with RSA if their browser does not support ECC.
And of course, after a period of testing, AZDIGI has also decided to enable this feature on all hosting servers so that all customers can use the ECC SSL certificate on their websites.
To be able to use ECC SSL, your website needs to have an active SSL certificate. It can be a free SSL certificate or a paid SSL certificate.
To create an ECC SSL certificate, you just need to access the cPanel interface of the hosting package at AZDIGI and find the LiteSpeed Web Cache Manager function.
Scroll down and select Manage EC Certificates.
Click the Update List button to update the list of websites on the host, and click the Generate All button to generate an ECC SSL certificate for the entire website, or click the Generate button on each website that you want to use ECC SSL.
Check website using ECC SSL
To check whether your website already supports ECC SSL, you can use the SSL test tool at https://www.ssllabs.com/ssltest/index.html. If the results show that the certificate uses an EC 384-bit key, your website already has an ECC SSL certificate.
Limitations when using ECC SSL
When your website uses an auto-generated ECC SSL certificate on the host, the SSL certificate is a free Let’s Encrypt SSL certificate and it will also renew itself if the ECC SSL certificate is nearing its expiration date.
This means that if your website is using a higher-level paid SSL certificate and you create an ECC SSL certificate through the function above, browsers that support ECC SSL will be served the free Let’s Encrypt certificate. Browsers that do not support ECC SSL will be served your own certificate as usual.
Currently, when buying hosting at AZDIGI, you can contact the Technical Department to receive support related to ECC SSL certificates through the following means:
- Submit a support ticket: http://bit.ly/azdigi-ticketkythuat
- Email: support@azdigi.com
- Hotline: 028 888 24768