Why do you require a 2048-bit key for my CSR?
Due to the increasing computing power available to decrypt SSL certificates, the Certificate Authority Browser (CAB) Forum (the entity that establishes SSL industry standards) requires that all SSL certificates issued after Jan. 1, 2014, use at least 2048-bit keys. SSL certificates that use 1024-bit keys are no longer secure.
How does my CSR's bit length affect my SSL certificate?
When you generate a certificate signing request (CSR) on your SSL certificate's Web server, you also create a public/private key pair for encrypting and decrypting secure transactions.
The bit length you select when generating the CSR determines the security level of your SSL certificate. The higher the bit length of your key pair, the higher the security level. For example, a 2048-bit key is much stronger and harder for a hacker to crack than a 1024-bit key.
To avoid putting the Internet and e-commerce users at risk, the CAB Forum published new baseline requirements for SSL certificates in 2011. We are a member of this organization, and we have supported this change by requiring 2048-bit length for all new and renewing SSL certificates issued since Jan. 1, 2011.
My SSL certificate uses a 1024-bit key. What do I need to do?
Like all Certificate Authorities (CAs), we are urging certificate holders to increase encryption levels to 2048 bits or higher.
If your SSL certificate uses a 1024-bit key, you should increase its bit length to 2048 or higher before Jan. 1, 2014. To do so, generate a new CSR, and then re-key your certificate. There is no cost for this process.
If your SSL certificate renews before Jan. 1, 2014, you can create a 2048-bit key when you generate the CSR for your renewal.
