[users@httpd] SSL Cert signed by Intermediary CAs cause delays?

["Ali, Saqib" <do...@gmail.com>]

Do SSL Cert signed by Intermediary CAs cause additional delays
compared to SSL certs signed by root CAs?

We have an application that makes excessive amount of SSL calls, and
from the time we installed a SSL cert signed by an Intermediary CA the
applications is extremely slow.

Any thoughts?

saqib
http://doctrina.wordpress.com/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] SSL Cert signed by Intermediary CAs cause delays?

[Chad Morland <cm...@gmail.com>]

On Sun, Jun 8, 2008 at 6:47 PM, Ali, Saqib <do...@gmail.com> wrote:

> Do SSL Cert signed by Intermediary CAs cause additional delays
> compared to SSL certs signed by root CAs?
>
>
Whether the certificate is signed directly by a root CA or is a 'chained SSL
certificate' has no impact on the request time of the SSL connection.

However, changing the encryption level of the certificate will impact the
time it takes for you to process SSL transactions. If you went from a 40-bit
certificate to 128-bit, for example, it will take almost 3x as long for the
necessary calculations to take place.

If your application is making an "excessive amount of SSL calls" then you
can look into some hardware based SSL cards that are specifically designed
to increase the performance of SSL calculations.

http://www.ncipher.com/products/ssl_acceleration/22/nfast/

-CM