That is exactly what I needed to know. Thank you very much! > -----Original Message----- > From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] > Sent: Saturday, April 15, 2006 1:11 PM > To: Discussion Lists > Cc: squid-users@xxxxxxxxxxxxxxx > Subject: Re: Advice on private keys and SSL > > > lör 2006-04-15 klockan 10:07 -0700 skrev Discussion Lists: > > Obviously I would want different certificates for different > domains. > > BUT would I want to have a different key for each certificate? > > Lets put it this way: Normaly you have one key per > certificate, and also generate a new key each time the > certificate is renewed, and there is no reason not to. > > I know of only a single situation where one would consider > using the same key for multiple certificates and it's if > using an RSA accelerator which can not handle multiple keys. > But given the fact that even entry level RSA accelerator > chips for SSL doesn't have any practical restrictions on the > number of RSA keys I doubt you will run into such situation.. > > Similarly I know of only one situation where one would like > to keep the same key on a certificate renewal and it's if the > key is somehow recorded into restricted hardware and not easy > to change. > > So while it is true that technically you can use the same key > for all certificates if you want to generally it's best to > use unique keys per certificate. > > Regards > Henrik >
