Moving to a 2048-bit Certificate
New Standard for SSL Certificates
Industry standards set by the Certification Authority/Browser (CA/B) Forum require that certificates issued after January 1, 2014 MUST be at least 2048-bit key length.1
Why? As computing power increases, certificates with keys shorter than 2048 bits are at risk of being compromised by hackers with sophisticated processing capabilities. The cybersecurity industry is moving to stronger 2048-bit encryption to help preserve internet security.
Action Required: What do I need to do?
If you have any 1024-bit certificates or certificates with less than 2048-bit key length, you will need to migrate to 2048-bit key length by October 1, 2013*. Depending on when your certificate(s) expires, you'll need to take either of the actions below.
- New Certificates or Renewing before January 1, 2014 - use a 2048-bit Certificate Signing Request (CSR) when you buy a new certificate or during the renewal process
- Certificates that Expire after January 1, 2014 - you'll need to revoke your certificate and replace it with a certificate that has a 2048-bit key length by October 1, 2013. It is FREE to replace a certificate and you'll still get all the time remaining on your current certificate.
Step-by-step Instructions
1. Do you have certificates with less than 2048-bit key length?
   Use the SSL Certificate Checker (powered by DigiCert) to check the key length on your current SSL certificates.
2. Can your server handle a 2048-bit certificate?
   Longer key lengths require more server power and not all systems can handle a 2048-bit SSL certificate (if you're already running 2048-bit certificates, move on to step 3). You can easily test your system by requesting a Thawte trial certificate with a 2048-bit key length. Get a trial certificate. If you can't install the trial certificate, contact our support team for help.
3. Generate your CSR
   - Microsoft IIS 6.0 or 7.0 running .NET 2.0 or higher or Red Hat Server - the SSL assistant will automatically generate your 2048-bit CSR and later install it.
   - All other servers or to manually generate a CSR - visit step-by-step instructions for Key and CSR Generation.
4. Log in to your account & choose your action
   - Renew - certificates that expire December 31, 2013 and earlier with a 2048-bit key
   - Revoke and Replace - certificates with less than 2048-bit key length that expire after January 1, 2014
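The key-length check and the manual CSR generation from the steps above can also be done locally with the OpenSSL command-line tool. The script below is an added example, not part of Thawte's instructions or tooling; it assumes `openssl` is installed, and the host name and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example (not Thawte tooling). Host names and file names are constructed.
MIN_BITS=2048

# Extract the key size from `openssl ... -text` output read on stdin.
key_bits() {
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

cert_key_bits() { openssl x509 -in "$1" -noout -text 2>/dev/null | key_bits; }
csr_key_bits()  { openssl req  -in "$1" -noout -text 2>/dev/null | key_bits; }

# Exit status 0: RSA certificate with a key shorter than MIN_BITS (replace it).
# Exit status 1: key is long enough, or not an RSA key (this check covers RSA only).
# Exit status 2: file could not be parsed as a PEM certificate.
needs_replacement() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    case $text in
        *"Public Key Algorithm: rsaEncryption"*) ;;
        *) return 1 ;;
    esac
    [ "$(cert_key_bits "$1")" -lt "$MIN_BITS" ]
}

# make_csr <common-name> <key-out> <csr-out>: new 2048-bit RSA key plus CSR.
make_csr() {
    ( umask 077   # keep the private key unreadable to other users
      openssl req -new -newkey "rsa:$MIN_BITS" -nodes -sha256 \
          -subj "/CN=$1" -keyout "$2" -out "$3" 2>/dev/null )
}

# Constructed demo: a throwaway 1024-bit self-signed certificate stands in for
# a legacy certificate; it is flagged and a 2048-bit CSR is generated.
demo() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:1024 -nodes -days 1 -subj "/CN=www.example.com" \
        -keyout "$dir/old.key" -out "$dir/old.crt" 2>/dev/null
    if needs_replacement "$dir/old.crt"; then
        echo "old.crt: $(cert_key_bits "$dir/old.crt")-bit RSA key, below $MIN_BITS"
        make_csr www.example.com "$dir/new.key" "$dir/new.csr" &&
            echo "new.csr: $(csr_key_bits "$dir/new.csr")-bit RSA key"
    fi
    rm -rf "$dir"
}
demo
```

Confirming the key size of the CSR with `csr_key_bits` before submitting it catches a request that was generated with an old 1024-bit key.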
Need Help?
There are several ways to get help.
- Visit our support center
- Email us
- Chat online with sales or support
- Visit the community site to discuss and get help
- Call Us
  - US/CA/Latin America: 866-239-4520
  - Europe, Middle East, and Africa: +353 1 793 9029
  - Asia-Pacific: +61 3 9914 5641
*Thawte has decided to begin revoking certificates with less than a 2048-bit key length on October 1, 2013 to avoid potential problems for customers that will be impacted by site code lock-downs due to the holiday season.
1 https://www.cabforum.org/Baseline_Requirements_V1.pdf