Scope: All SSL users
Effective Date: 01/31/2010
Group Name: Security Product Support
Affected Locations: All
Summary: If you are the primary or secondary owner of an SSL certificate, you need to start preparations for the change to a new Certificate Authority (CA) and to a 2048-bit certificate keypair, if you haven't already. Due to changing industry standards, all certificates must eventually migrate to using 2048-bit keypairs. (The keypair is generated when the Certificate Signing Request (CSR) is created, and is tied to the certificate.) A new CA is also needed to meet the new 2048-bit requirement.
Justification: Awareness of Changes to Digital Certificates
Benefits to Users: Increased Security
Details: Your existing SSL cetificate is good for one year from the date it was generated.
If you are renewing your certificate between now and 10 May 2011, you will have the option to have your SSL certificate signed by:
the new CA (which requires 2048-bit keypair)
OR
the old CA which will let you choose to submit either the 1024-bit keypair or the 2048-bit keypair.
If your certificate is expiring after 10 May 2011, your only option will be the new CA with 2048-bit keypair.
Instructions provided by Verisign on how to generate a CSR on the more common server types include the instructions to set the key length to 2048-bits
Primary Contact: Jose Ramos
Secondary Contact: Tim Mcelheny
|
Usercomm - 2048-bit Key Change for SSL