> I'm trying to generate a 40-bit certificate using OPENSSL.Can > anybody tell me if this is possible and with which package?
The RSA keys used in X.509 certificates are typically 1024 or 2048 bits in length. What length the symmetric key used between two parties that have authenticated via X.509 certificates (with RSA keys) to subsequently protect their communication has, is not directly related to the certificate. There are web browsers that will negotiate 128 bits only if the certificate presented by the web server is a "step-up certificate". I'm not sure what makes a certificate a step-up certificate, however, nor if this restriction still applies to current browsers. Cheers, Tobias
