Resources

2013: 2048-bit certificate requirement

What's new? Industry standards set by the Certification Authority/Browser (CA/B) Forum Baseline require that certificates issued after July 1, 2012 MUST be at least 2048-bit key length.

Why? These requirements¹ are designed to further strengthen the security and trust that comes with SSL certificates on the internet.

What does this mean for me? If you're buying a new certificate, or renewing an existing certificate in 2013, your CSR will need to be at least 2048-bit key length. If you have a 1024-bit ssl certificate that is valid after
October 1, 2013 - please revoke and replace with a 2048-bit key length. To avoid issues with site lock-downs during the holiday season, Thawte will begin revoking any 1024-bit ssl certificates on October 1, 2013.

What do I need to do? At Thawte we're doing everything we can to make this easy for you and have a few tools below to help you along the way.

To learn more about the CAB Forum changes, please feel free to visit: http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf

Below are a few tools we've put together to help you with your SSL certificate renewal for a 2048-bit certificate:

SSL Certificate Checker – Easily check the key length of your last CSR to determine if you already had a 2048-bit certificate; or if your certificate was based on a shorter key length (for example, 1024-bit) and you need to submit a new 2048 CSR.
SSL Assistant – If you have a Microsoft IIS 6.0 or 7.0 server running .NET 2.0 or higher, or a Red Hat server, the SSL Assistant will help you automatically generate your new 2048-bit CSR and later install it.
CSR & Certificate Installation Videos – If you server is not running Microsoft IIS or Red Hat, or if you prefer to manually generate CSRs and install your certificates; but need a little help, our step-by-step videos will walk you through the process.
Need Some Help? – At Thawte we want our customers to feel that we are there for them through any certificate challenge. Chat live with a Thawte team member today and we'll help you get through this new process.

If you are ready to renew your 2048-bit SSL Certificate, simply proceed to the Thawte Certificate Center.

For our Enterprise Customers, please login to your Thawte Certificate Center Enterprise Account.

Have more questions or looking for additional support? Visit the Thawte Online Community.

¹ https://www.cabforum.org/Baseline_Requirements_V1.pdf

contact sales

US toll-free: +1 888 484 2983
South Africa:
+27 21 819 2800
Germany:
+49 69 3807 89081
France: +33 1 57 32 42 68
UK: +44 203 450 5486
Submit Inquiry Online

Sales Chat
Support Chat

videos

5:40

Stuxnet Interview

1:54

Learn about Thawte Extended Validation (EV) SSL Certificates

Thawte is a leading global Certification Authority. Our SSL and code signing digital certificates are used globally to secure servers, provide data encryption, authenticate users, protect privacy and assure online identifies through stringent authentication and verification processes. Our SSL certificates include Wildcard SSL Certificates, SAN /UC Certificates, SGC SuperCerts and Extended Validation SSL Certificates.

What is an SSL Certificate Which SSL Certificate is Right for Me? Why Choose Thawte?