2014 is just around the corner, so it’s about time to say adios to 1024-bit SSL certificates. NIST
(National Institute of Standards & Technology), along with the Certificate
Authority/Browser Forum (CA/BF), is all set to define a new standard for SSL
certificates, effective as of Jan 1 2014. According to this new
rule, all SSL certificates issued after January 1 2014 MUST have a minimum
bit strength of 2048 bits.
As we all know, the key length of an SSL certificate
indicates its encryption strength: shorter keys are more prone to a
cyber-attack. A cyber thug armed with the most advanced computers and a
private key derived from a short public key would easily be able to decrypt all
the SSL-secured connections, even those from the past!
This upgrade was the result of many such cases of
compromised internet security caused by SSL certificates with shorter key strength.
A higher key strength certificate doesn’t guarantee 100% security, but
it sure does help in minimizing the attacks, because the computational power
required to process 2048-bit certificates is five to thirty times greater than
that required for 1024-bit certificates.
To improve their data security, many companies across the
world switched to the new length certificates months ago when the rule was
announced. It is THE wise step to take,
as no e-merchant who is serious about his business would want such a message to
be displayed on the site when customers log in. Please have a look:
If you are an e-merchant, please follow these steps to spare
your website from displaying such a message.
- First of all, check whether your certificate has less
than a 2048-bit key length. You can do that by clicking here: Check your SSL.
You are good to go if your certificate’s strength is 2048-bit or above, but if it’s not, you have to fix that.
- The next step is to find out whether your server is able to handle a 2048-bit SSL certificate.
- You need to generate a CSR to proceed further. Please follow this link, which will guide you through the CSR generation steps for each server: Click Here
- The final step is to:
  - Renew the certificates that expire before Dec 31 2013 with a 2048-bit SSL certificate.
  - Reissue the 1024-bit certificates that expire after Dec 31 2013 by ordering a 2048-bit SSL certificate instead.
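
The key-length check and CSR steps above, sketched with the OpenSSL command line as an added example (it is not from the original post or the guides it links to). It assumes the OpenSSL CLI is installed and that RSA keys are in use; the file names and common name passed to the functions are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the OpenSSL CLI and RSA keys.
# Host names and file names used with these functions are placeholders.

MIN_BITS=2048   # minimum key size for certificates issued after Jan 1 2014

# Print the public-key size in bits.
#   $1 = x509 (certificate) or req (CSR), $2 = PEM file
key_bits() {
    openssl "$1" -in "$2" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed only when the key size could be read and meets the minimum.
meets_minimum() {
    bits=$(key_bits "$1" "$2")
    [ -n "$bits" ] && [ "$bits" -ge "$MIN_BITS" ]
}

# Create a fresh 2048-bit private key and the CSR to submit for renewal/reissue.
#   $1 = common name, $2 = key output file, $3 = CSR output file
new_csr() {
    (
        umask 077   # keep the new private key unreadable to other users
        openssl req -new -newkey "rsa:$MIN_BITS" -nodes \
            -subj "/CN=$1" -keyout "$2" -out "$3" 2>/dev/null
    )
}

# Stand-alone use: sh check_key.sh server.crt [common-name]
if [ "$#" -ge 1 ]; then
    if meets_minimum x509 "$1"; then
        echo "$1: $(key_bits x509 "$1")-bit key, no action needed"
    else
        echo "$1: key below $MIN_BITS bits (or unreadable), reissue required"
        if [ -n "$2" ]; then
            new_csr "$2" "$2.key" "$2.csr" && meets_minimum req "$2.csr" &&
                echo "wrote $2.key and $2.csr ($(key_bits req "$2.csr") bit)"
        fi
    fi
fi
```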