CA performance

This post has been republished via RSS; it originally appeared at: Core Infrastructure and Security Blog articles.

First published on TECHNET on May 14, 2009

Back in 2003 we published information about CA performance and how it is affected by various factors. The TechNet article is called Evaluating CA Capacity, Performance, and Scalability and is more or less still valid. You can translate the enrollment numbers to current hardware capabilities.

One thing that I would like to point out here is the article's statement about key length. Key generation cost increases with key size, but that burden is borne by the client (remember the certificate enrollment flow as documented in How Certificates Work under the heading How Certificates Are Created). Therefore, the performance of the CA may only change with different key lengths if key archival is used. In that case the CA verifies that the public and private key match by performing a round-trip encryption/decryption. If key archival is not used, the key length is neutral to CA performance.
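The cost split described above, as an added example that is not code from the original post or from the CA itself: it times key generation (the client's work) against a round-trip encrypt/decrypt match check (the extra CA work under key archival). The function names, the use of RSA-OAEP with SHA-256 and the 32-byte challenge are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// newKey stands in for the client: key generation happens there, not on the CA.
func newKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// keyPairMatches is a CA-side round trip (assumed scheme: RSA-OAEP/SHA-256):
// encrypt a random challenge to the public key from the request, decrypt it
// with the private key submitted for archival, and compare the results.
// Any error along the way is treated as a mismatch.
func keyPairMatches(pub *rsa.PublicKey, priv *rsa.PrivateKey) bool {
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return false
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, challenge, nil)
	if err != nil {
		return false
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	return err == nil && bytes.Equal(pt, challenge)
}

// measure times generation (client cost) and the round trip (CA cost with archival).
func measure(bits int) (gen, check time.Duration, ok bool) {
	start := time.Now()
	key, err := newKey(bits)
	if err != nil {
		return 0, 0, false
	}
	gen = time.Since(start)
	start = time.Now()
	ok = keyPairMatches(&key.PublicKey, key)
	return gen, time.Since(start), ok
}

func main() {
	for _, bits := range []int{2048, 3072, 4096} {
		gen, check, ok := measure(bits)
		fmt.Printf("%d-bit: keygen %v, round trip %v, match=%v\n", bits, gen, check, ok)
	}
}
```

Timings vary by machine, so the program prints them rather than asserting any particular ratio.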
