Resources

Moving to a 2048-bit certificate

New Standard for SSL Certificates Industry standards set by the Certification Authority/Browser (CA/B) Forum Baseline require that certificates issued after January 1, 2014 MUST be at least 2048-bit key length.¹

Why? As computer power increases, 1024-bit certificates are at risk of being compromised by hackers with sophisticated processing capabilities. The cybersecurity industry is moving to stronger 2048-bit encryption to help preserve internet security.

Action Required: What do I need to do?

If you have any 1024-bit certificates, you will need to migrate to 2048-bit key length by October 1, 2013*. Depending on when your certificate(s) expires, you'll need to take either of the actions below.

New Certificates or Renewing before January 1, 2014 - use a 2048-bit Certificate Signing Request (CSR) when you buy a new certificate or during the renewal process
Certificates that Expire after January 1, 2014 - you'll need to revoke your certificate and replace the certificate with a 2048-bit key length by October 1, 2013. It is FREE to replace a certificate and you'll still get all the time remaining on your current certificate.

Step-by-step Instructions

Do you have 1024-bit certificates?
Use the SSL Certificate Checker (powered by Symantec) to check the key length of the CSR on your current SSL certificates.
Can your server handle a 2048-bit certificate?
Longer key lengths require more server power and not all systems can handle a 2048-bit SSL certificate (if you're already running 2048 certificates, move on to step 3). You can easily test your system by requesting a Thawte test certificate with a 2048-bit key length. Get a test certificate. If you can't install the test certificate, contact our support team for help.
Generate your CSR
- Microsoft IIS 6.0 or 7.0 running .NET 2.0 or higher or Red Hat Server - the SSL assistant will automatically generate your 2048-bit CSR and later install it.
- All other servers or to manually generate a CSR - choose from a selection of step-by-step videos for CSR & Certificate Installation.
Log in to your account & choose your action

Renew - certificates that expire December 31, 2013 and earlier with a 2048-bit key
Revoke and Replace – All 1024-bit certificates that expire after January 1, 2014

Need Help?

There are several ways to get help.

Visit our support center
Email us
Chat online with sales or support
Visit the community site to discuss and get help
Call Us
- US/CA/Latin America: 866-239-4520
- Europe, Middle East, and Africa: +353 1 850 2640
- Asia-Pacific: +61 3 9914 5641

*Thawte has decided to begin revoking 1024-bit certificates on October 1, 2013 to avoid potential problems for customers that will be impacted by site code lock-downs due to the holiday season.

¹ https://www.cabforum.org/Baseline_Requirements_V1.pdf

contact sales

US toll-free: +1 888 484 2983
South Africa:
+27 21 819 2800
Germany:
+49 69 3807 89081
France: +33 1 57 32 42 68
UK: +44 203 450 5486
Submit Inquiry Online

Sales Chat
Support Chat

videos

5:40

Stuxnet Interview

1:54

Learn about Thawte Extended Validation (EV) SSL Certificates

Thawte is a leading global Certification Authority. Our SSL and code signing digital certificates are used globally to secure servers, provide data encryption, authenticate users, protect privacy and assure online identifies through stringent authentication and verification processes. Our SSL certificates include Wildcard SSL Certificates, SAN /UC Certificates, SGC SuperCerts and Extended Validation SSL Certificates.

What is an SSL Certificate Which SSL Certificate is Right for Me? Why Choose Thawte?