Why does my CSR need to be 2048 bit length?
Computer power has lessened the time it takes to break the algorithms used by today's secure certificate private keys.
To avoid putting the Internet and e-commerce users at risk, the Certificate Authority Browser Forum has published new requirements for secure certificates. We are a member of this organization and are supporting this change by requiring 2048-bit length for all new and renewing SSLs.
The following are the requirements established by the Certificate Authority Browser Forum for Extended Validation Certificates:
- A minimum of 2048-bit RSA keys for root and subordinate CAs.
- A minimum of 2048-bit keys for entity certificates (the secure certificates issued to our customers) that expire after December 31st, 2010.
Microsoft®, for example, is a member of the Certificate Authority Browser Forum and supports these requirements for all certificates by incorporating the following requirements into their programs:
- All new root certificates must have a minimum of 2048-bit RSA keys.
- 1024-bit roots will be removed from the Microsoft Root Certificate Program by December 13th, 2013.
- All end entity certificates issued after December 31st, 2010 must have a minimum of 2048-bit RSA keys.
Use our CSR Generation instructions if you are having difficulty generating a 2048-bit CSR.
