Moving to a 2048-bit certificate

New Standard for SSL Certificates Industry standards set by the Certification Authority/Browser (CA/B) Forum Baseline require that certificates issued after January 1, 2014 MUST be at least 2048-bit key length.1

Why? As computer power increases, 1024-bit certificates are at risk of being compromised by hackers with sophisticated processing capabilities. The cybersecurity industry is moving to stronger 2048-bit encryption to help preserve internet security.

Action Required: What do I need to do?

If you have any 1024-bit certificates, you will need to migrate to 2048-bit key length by October 1, 2013*. Depending on when your certificate(s) expires, you'll need to take either of the actions below.

  • New Certificates or Renewing before January 1, 2014 - use a 2048-bit Certificate Signing Request (CSR) when you buy a new certificate or during the renewal process
  • Certificates that Expire after January 1, 2014 - you'll need to revoke your certificate and replace the certificate with a 2048-bit key length by October 1, 2013. It is FREE to replace a certificate and you'll still get all the time remaining on your current certificate.
Step-by-step Instructions
  1. Do you have 1024-bit certificates?
    Use the SSL Certificate Checker (powered by Symantec) to check the key length of the CSR on your current SSL certificates.
  2. Can your server handle a 2048-bit certificate?
    Longer key lengths require more server power and not all systems can handle a 2048-bit SSL certificate (if you're already running 2048 certificates, move on to step 3). You can easily test your system by requesting a Thawte test certificate with a 2048-bit key length. Get a test certificate. If you can't install the test certificate, contact our support team for help.
  3. Generate your CSR
  4. Log in to your account & choose your action

    • Renew - certificates that expire December 31, 2013 and earlier with a 2048-bit key
    • Revoke and Replace – All 1024-bit certificates that expire after January 1, 2014
Need Help?

There are several ways to get help.

*Thawte has decided to begin revoking 1024-bit certificates on October 1, 2013 to avoid potential problems for customers that will be impacted by site code lock-downs due to the holiday season.

1 https://www.cabforum.org/Baseline_Requirements_V1.pdf

contact sales

US toll-free: +1 888 484 2983
South Africa:
+27 21 819 2800
Germany:
+49 69 3807 89081
France: +33 1 57 32 42 68
UK: +44 203 450 5486
Submit Inquiry Online

videos

5:40
Stuxnet Interview
1:54
Learn about Thawte Extended Validation (EV) SSL Certificates