A lot has been said recently about ECDSA certificates and elliptic curve cryptography (ECC), and about how they are the future of the humble SSL Certificate. Cloudflare has written several articles describing what exactly ECDSA certs are and how they function with ECC.
If you’re not familiar with ECC yet, though, Cloudflare provided a pretty basic TL;DR of what exactly ECC is and why it is important:
[…] ECC is the next generation of public key cryptography and, based on currently understood mathematics, provides a significantly more secure foundation than first generation public key cryptography systems like RSA. If you’re worried about ensuring the highest level of security while maintaining performance, ECC makes sense to adopt. https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/
Based upon our current understanding of mathematics, ECC provides significantly better security and performance than a typical 2048-bit RSA certificate. In this article, we’ll cover how to make an ECDSA Certificate Authority, an ECDSA-compatible CSR, and how to sign ECDSA certs.
One of the things that really bugs me about online tutorials is that finding one that’s accurate is a major pain. Recently I had to figure out (again) how to get secure dynamic DNS updates working with nsupdate and Bind9. Since I haven’t done this in nearly 3 years now, I had forgotten several important steps. In the hopes of saving someone else time (and mine, should I forget in the future). In truth, getting this set up is relatively simple - you just have to know the right set of steps in order to get it done right.
For this tutorial I’ll be using Ubuntu 12.04 and Bind9 from upstream.