Description | This article explains how to select the key type and handle encryption when creating a Certificate Signing Request (CSR) using Simple Certificate Enrollment Protocol (SCEP) with Elliptic Curve Cryptography (ECC). |
Scope | FortiGate v7.0, v7.2 and v7.4. |
Solution |
In cryptography, RSA and Elliptic Curve both play a vital role in public key encryption and key exchange. FortiGate allows either key type to be used when generating a certificate request, depending on the application.
The process can be broadly broken down into the stages below:
Elliptic Curve is less popular than Rivest–Shamir–Adleman (RSA), although it offers advantages in small key size, efficiency, and cryptographic operations.
Since EC keys are not encryption capable as per RFC 8894, the underlying mechanism that keeps the message data encrypted is the 'CMS Key Trans Recipient Info Mechanism'.
When generating a certificate request with online SCEP under System > Certificates, select Elliptic Curve as the key type.
Since Elliptic Curve cryptographic keys themselves cannot encrypt data, the Cryptographic Message Syntax (CMS) mechanism is employed to encrypt the message in the certificate response. This encryption process is part of the PKCS (Public Key Cryptography Standards) message creation, ensuring secure communication during certificate operations. |
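To confirm which key type a generated request actually carries, the public key's algorithm identifier can be read directly from its DER encoding. The following is an added example, not Fortinet code: it classifies a SubjectPublicKeyInfo as RSA or EC and reports whether that key type is encryption capable in the RFC 8894 sense. The function names are hypothetical and the two sample structures are constructed with real algorithm OIDs and all-zero dummy key bits.

```python
# Added example (not Fortinet code); names and sample bytes are constructed.
KEY_OIDS = {"1.2.840.113549.1.1.1": "RSA", "1.2.840.10045.2.1": "EC"}
CURVE_OIDS = {"1.2.840.10045.3.1.7": "prime256v1",
              "1.3.132.0.34": "secp384r1", "1.3.132.0.35": "secp521r1"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OID content bytes -> dotted-decimal string
    first = min(body[0] // 40, 2)
    arcs, value = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def classify_spki(der):
    """Report key type, named curve and RFC 8894 encryption capability."""
    tag, spki, _ = read_tlv(der)
    alg_tag, alg, _ = read_tlv(spki)
    oid_tag, oid, nxt = read_tlv(alg)
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not a SubjectPublicKeyInfo")
    key_type, curve = KEY_OIDS.get(decode_oid(oid), "unknown"), None
    if key_type == "EC" and nxt < len(alg):
        p_tag, p_val, _ = read_tlv(alg, nxt)
        if p_tag == 0x06:  # namedCurve parameter
            curve = CURVE_OIDS.get(decode_oid(p_val), decode_oid(p_val))
    return {"key_type": key_type, "curve": curve,
            "encryption_capable": key_type == "RSA"}

def tlv(tag, body):  # DER encoder, used only to build the samples below
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

EC_SPKI = tlv(0x30, tlv(0x30, bytes.fromhex("06072a8648ce3d020106082a8648ce3d030107")) + tlv(0x03, b"\x00\x04" + bytes(64)))
RSA_SPKI = tlv(0x30, tlv(0x30, bytes.fromhex("06092a864886f70d0101010500")) + tlv(0x03, bytes(271)))
```

To run it on a real request, extract the public key with `openssl req -in request.csr -noout -pubkey | openssl pkey -pubin -outform DER` (request.csr is a placeholder file name) and pass the resulting bytes to `classify_spki`.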