Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

I want to know If for a given server the certificate length will always be the same

X.509 certificates have an expiration date so the answer is no, the certificate will not always be the same so it follows the length may not always be the same. It could also be revoked prior to expiration, necessitating the acquisition of a new certificate (and possibly a new chain, all with possibly varying lengths). However, for any given short period of time, they will likely be constant. Short is relative - it is most likely up to the expiration time at least, but it can't be guaranteed. Whether or not this short period is good enough is completely dependent on the problem at hand.

Of course, if it is your server, and you make a certificate/pki infrastructure that lasts forever (my definition of forever is anything past my retirement age) and you choose to never change the credentials, then you could claim the certificate length will never change.