Friday, June 15, 2012

How to find a good name for your Certificate Authority

This is a frequently asked question: how should I name my new Certificate Authority? It is not an easy job, but I want to share my thoughts.

Keep in mind that this name will be in use for the next 10 or 20 years and cannot be changed (or a name change would be very hard to do).

Items to consider:
  • Should have some sort of identification between 
  • Should not include brand names from others, and possibly not from your own company either
  • Should be short and simple to read (even for your end-users)
  • Avoid special characters or signs; ideally use only the characters A-Z, a-z and the digits 0-9
  • Remember: a company name or legal form can change
  • Probably you will have more than one root CA over the years, as a second PKI or as a replacement for the CA you plan today, so add some version information or a generation name to the CA name, e.g. R1 (Root generation 1), P1 (Policy CA generation 1) or I1 (Issuing CA generation 1)

Bad example: My Root CA

Better: SEC Root CA R1 (Security Attic Root CA generation 1)

And if you use acronyms, you can flexibly read or interpret them in the future. :-)
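
The checklist above can be turned into a small lint for candidate CA names. This is an added example, not code from the original post; the function name `lint_ca_name`, the 32-character limit, the list of legal-form tokens and the decision to allow single spaces between words are assumptions.

```python
import re

# Generation tags from the post: R = Root, P = Policy, I = Issuing.
ROLE_BY_TAG = {"R": "Root", "P": "Policy", "I": "Issuing"}
# Assumption: sample legal-form tokens; extend for your jurisdiction.
LEGAL_FORMS = {"gmbh", "ag", "inc", "ltd", "llc", "corp"}
# Assumption: "short" is taken to mean at most 32 characters.
MAX_LEN = 32


def lint_ca_name(name):
    """Return a list of findings; an empty list means the name passes."""
    findings = []
    # Letters and digits as the post recommends; single spaces between
    # words are allowed as an assumption (the post's own example has them).
    if not re.fullmatch(r"[A-Za-z0-9]+( [A-Za-z0-9]+)*", name):
        findings.append("charset: use only A-Z, a-z, 0-9 and single spaces")
    if len(name) > MAX_LEN:
        findings.append(f"length: longer than {MAX_LEN} characters")
    words = name.split()
    if any(w.lower().strip(".,") in LEGAL_FORMS for w in words):
        findings.append("legal-form: a legal form can change, leave it out")
    # The last word must be a generation tag such as R1, P2 or I3.
    tag = re.fullmatch(r"([RPI])([1-9][0-9]*)", words[-1]) if words else None
    if tag is None:
        findings.append("generation: end the name with R<n>, P<n> or I<n>")
    elif ROLE_BY_TAG[tag.group(1)] not in words[:-1]:
        # Tag letter and role word disagree, e.g. "Issuing CA R1".
        findings.append(
            f"role: tag {words[-1]} implies the word '{ROLE_BY_TAG[tag.group(1)]}'"
        )
    return findings


if __name__ == "__main__":
    # The first two candidates are the post's examples; the rest are constructed.
    for candidate in ("My Root CA", "SEC Root CA R1",
                      "Example GmbH Root-CA #1", "SEC Issuing CA R1"):
        print(f"{candidate!r}: {lint_ca_name(candidate) or 'ok'}")
```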