picture of tbs certificates
picture of tbs certificates
Our products range

20131115 - ECC certificates swell the ranks of our range of products

In November 2013, new kind of certificates -using ECC cryptographic method - have entered TBS INTERNET SSL certificates range of products.

What is ECC?

ECC - standing for Elliptic Curve Cryptography - is a cryptographic method used for keys and certificates generation.

What are the differences with RSA?

Based on a different cryptographic method, ECC provides keys way shorter than RSA ones for an equivalent security level.

Which products are concerned?

ECC option is, for now, available on TBS X509 and Sectigo SHA256 server products and on PRO certificate from Symantec.

These products are pointed on our differents website by the graphic element:

ECC option

Note: Sectigo EV (Extended Validation) products have a full ECC certification chain, meaning that certificate, intermediate certificates and root certificate are all in ECC format. Non-EV product have a crossed certification chain and are attached to a RSA chain.

Consequences: ECC is not well deployed on browsers. A crossed certification chain helps improve this kind of certificate's recognition rate. Full ECC products are less recognized than their RSA counterparts.

Moreover, even if the certificate is recognized by the brower (root present), it exists the possibility that the browser may not be compatible with th technology.

Those 2 elements must be taken into account when abording the subject of recognition / compatibility.

What about the tariffs?

ECC option is totally free. When placing your certificate request, just provide a CSR in ECC format. The system automatically detect the key format to issue a corresponding certificate.

I have a SHA256 or PRO certificate, can I get its ECC equivalent (and conversely)?

Several scenarii:

  • TBS X509 and Sectigo Non-EV products: Yes, request a free reissuance via your certificate status page and provide an ECC CSR.

  • Sectigo EV products: No, the certification chain being a full ECC one, it is not possible to swing between ECC and RSA via reissuance.

  • Symantec products: Yes, if your certificate has been issued after April 2, 2013.

Additional information