Thursday, June 17, 2010

Upcoming SSL Root Updates to 2048-bit

Link to OpenSRS Reseller Blog

Posted: 16 Jun 2010 10:30 AM PDT

If you sell SSL through OpenSRS, or if you use or sell SSL products from any of our vendors – VeriSign, GeoTrust and Thawte – then you’ll want to take note of some changes coming up to the root certificates.

VeriSign, GeoTrust and Thawte are all in the midst of a transition from 1024-bit roots to new, more secure 2048-bit roots. This change is in line with industry best practices to ensure the highest level of security. Browser vendors are also starting to require the use of SHA-1 and 2048-bit keys. For example, Microsoft has stipulated that all new Root Certificates must use RSA keys of at least 2048 bits and must not use MD5 as the hashing algorithm.

As a result of this upgrade, there are some changes to how SSL certificates purchased through OpenSRS are ordered and installed. Please note: currently installed SSL certificates are not affected by the changes. However, new certificates, along with renewals of existing certificates, will require 2048-bit Certificate Signing Requests (CSRs) in the future, depending on the specific certificate brand and type.

The new 2048-bit root updates will go live on the following dates:

  • Thawte (except SGC SuperCerts) – June 27, 2010
  • GeoTrust – July 22, 2010
  • VeriSign – October, 2010
  • Thawte SGC SuperCerts only – October, 2010

2048-bit CSRs Please

OpenSRS will begin requiring 2048-bit CSRs at the same time as the root updates occur. You may already submit 2048-bit CSRs for all products. In fact, Extended Validation (EV) certificates already require 2048-bit CSRs. If you submit an SSL order with a 1024-bit CSR after the root updates take place on the dates listed above, the order will fail.
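A pre-flight check for the key size requirement above, written with the `openssl` command line. This is an added example, not code from OpenSRS or the certificate vendors; it assumes RSA CSRs in PEM format, and the subject name and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: check a CSR's RSA key size before submitting an SSL order.
MIN_BITS=2048   # minimum CSR key size stated in the post

# Generate a throwaway key and CSR (constructed sample; subject is a placeholder).
# $1 = RSA key size in bits, $2 = output path prefix
make_csr() {
    openssl req -new -newkey "rsa:$1" -nodes -subj "/CN=www.example.test" \
        -keyout "$2.key" -out "$2.csr" >/dev/null 2>&1
}

# Print the public key size in bits of a PEM CSR; prints nothing if it cannot be parsed.
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Exit status: 0 = acceptable, 1 = key too small, 2 = not a readable CSR.
check_csr() {
    bits=$(csr_key_bits "$1")
    if [ -z "$bits" ]; then
        echo "REJECT $1: not a readable PEM CSR"
        return 2
    fi
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "REJECT $1: ${bits}-bit key, need at least $MIN_BITS"
        return 1
    fi
    echo "OK $1: ${bits}-bit key"
}

# Demo on two constructed CSRs in a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    make_csr 1024 "$dir/old" && make_csr 2048 "$dir/new"
    check_csr "$dir/old.csr" || true
    check_csr "$dir/new.csr" || true
    rm -rf "$dir"
}
demo
```

Running `check_csr` over the CSRs queued for renewal shows which ones need a new 2048-bit key pair generated on the server before the order is placed.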

Installation Changes Required

Additionally, the SSL certificate installation process will change for all Thawte certificates (excluding SGC SuperCerts and Web Server with EV Certificates) and all GeoTrust certificates (excluding True BusinessID with EV) issued after the go-live dates listed above. Users will be required to install an intermediate Certification Authority Certificate, in line with industry best practices. The excluded products already require the installation of this intermediate certificate.

More Information

For the latest information about the 2048-bit root changes, you may wish to view the Support Advisories issued by each brand:

  • Thawte Support Advisory: view
  • GeoTrust Support Advisory: view
  • VeriSign Support Advisory: view
