It’s now the best time to step up security because, well, it’s required now. The specific dates of these mandates for new certificates and renewals will vary depending on the brand and type of certificate. For some, there is nothing that needs to be done for those currently installed certificates, however, when those certificates expire users will need to renew by generating a Certificate Signing Request of at least 2048-bits. If you have a SSL Certificate that does not expire until after December 31, 2013, you will need to go into your certificate management console to revoke and replace your certificate with a new 2048-bit certificate before December 31, 2013.
The CA/Browser Forum is behind this requirement that all Certificate Authorities cease supporting 1024-bit key length certificates for code signing and SSL certificates by the end of 2013. This change has been prompted to comply with industry best practices in order to provide the highest level of security. This is also in compliance with NIST Special Publication 800-131A. SHA-1 and 2048-bit keys will also start being required by browser vendors.
Step-by-step Instructions to Upgrade the SSL Certificate From 1024-bit to 2048-bit:
- Do you have 1024-bit certificates?
- Can your server handle a 2048-bit certificate?
- Generate your CSR
- Go to the User Portal, login, and renew or re-issue your certificate.
Use the SSL Certificate Checker (powered by Symantec) to check the key length on your current SSL certificates.
Longer key lengths require more server power and not all systems can handle a 2048-bit SSL certificate (if you’re already running 2048 certificates, move on to step 3).
Renew – certificates that expire December 31, 2013 and earlier with a 2048-bit key
Reissue – All 1024-bit certificates that expire after January 1, 2014