Why does my CSR need to be 2048 bit length?
Computer power has lessened the time it takes to break the algorithms used by today's secure certificate private keys. It is estimated that the computer power required to break 1024-bit length secure certificate private keys will exist by 2011.
To avoid putting the Internet and e-commerce users at risk, the Certificate Authority Browser Forum has published new requirements for secure certificates. We are a member of this organization and are supporting this change by requiring 2048-bit length for all new and renewing SSLs.
The following are the requirements established by the Certificate Authority Browser Forum for Extended Validation Certificates:
- A minimum of 2048-bit RSA keys for root and subordinate CAs.
- A minimum of 2048-bit keys for entity certificates (the secure certificates issued to our customers) that expire after December 31st, 2010.
Microsoft®, for example, is a member of the Certificate Authority Browser Forum and supports these requirements for all certificates by incorporating the following requirements into their programs:
- All new root certificates must have a minimum of 2048-bit RSA keys.
- 1024-bit roots will be removed from the Microsoft Root Certificate Program by December 31st, 2010.
- All end entity certificates issued after December 31st, 2010 must have a minimum of 2048-bit RSA keys.
Use our CSR Generation instructions if you are having difficulty generating a 2048-bit CSR.