Email a FriendBookmark & SharePrint

Moving to a 2048-bit certificate

New Standard for SSL Certificates Industry standards set by the Certification Authority/Browser (CA/B) Forum require that certificates issued after January 1, 2014 MUST be at least 2048-bit key length.1

Why? As computer power increases, anything less than 2048-bit certificates are at risk of being compromised by hackers with sophisticated processing capabilities. The cybersecurity industry is moving to stronger 2048-bit encryption to help preserve internet security.

Action Required: What do I need to do?

If you have any 1024-bit certificates or certificates with less than 2048-bit key length, you will need to migrate to 2048-bit key length by October 1, 2013*. Depending on when your certificate(s) expires, you'll need to take either of the actions below.

Step-by-step Instructions
  1. Do you have certificates with less than 2048-bit key length?
    Use the SSL Certificate Checker (powered by Symantec) to check the key length on your current SSL certificates.
  2. Can your server handle a 2048-bit certificate?
    Longer key lengths require more server power and not all systems can handle a 2048-bit SSL certificate (if you're already running 2048 certificates, move on to step 3). You can easily test your system by requesting a GeoTrust test certificate with a 2048-bit key length. Get a test certificate. If you can't install the test certificate, contact our support team for help.
  3. Generate your CSR
  4. Go to the GeoTrust Renew or Reissue Portal, login, and renew or re-issue your certificate.
    • Renew - certificates that expire December 31, 2013 and earlier with a 2048-bit key.
    • Reissue – All certificates with less than 2048-bit key length that expire after January 1, 2014
    • Enterprise customers only: Log in to Geocenter to renew or reissue your certificate within the console.
Need Help?

There are several ways to get help.

*GeoTrust has decided to begin revoking certificates with less than a 2048-bit key length on October 1, 2013 to avoid potential problems for customers that will be impacted by site code lock-downs due to the holiday season.

1 https://www.cabforum.org/Baseline_Requirements_V1.pdf