Why does my CSR need to be 2048 bit length?
Computer power has lessened the time it takes to break the algorithms used by today's secure certificate private keys.
To avoid putting the Internet and e-commerce users at risk, the Certificate Authority Browser Forum has published new requirements for secure certificates. We are a member of this organization and are supporting this change by requiring 2048-bit length for all new and renewing SSLs.
The following are the requirements established by the Certificate Authority Browser Forum for Extended Validation Certificates:
- A minimum of 2048-bit RSA keys for root and subordinate CAs.
- A minimum of 2048-bit keys for entity certificates (the secure certificates issued to our customers) that expire after December 31st, 2010.
Microsoft®, for example, is a member of the Certificate Authority Browser Forum and supports these requirements for all certificates by incorporating the following requirements into their programs:
- All new root certificates must have a minimum of 2048-bit RSA keys.
- 1024-bit roots will be removed from the Microsoft Root Certificate Program by December 13th, 2013.
- All end entity certificates issued after December 31st, 2010 must have a minimum of 2048-bit RSA keys.
Use our CSR Generation instructions if you are having difficulty generating a 2048-bit CSR.
How does an SSL certificate work?
What does it mean to revoke an SSL certificate?
Determining the Type of SSL Certificate a Website Is Using
Protecting My Site Against the SSL Vulnerability in Debian GNU/Linux
How do I know my secure certificate is safe from vulnerabilities?
What happens when my certificate expires?
Your message was successfully sent.
There was an error in sending your message, please try again.
Have a question about the content of this article?