As you may know, the National Institute of Standards and Technology (NIST) has declared that an SSL certificate issued with a key of 1024 bits or fewer will no longer be viable after 12/31/2010. Why? Because NIST estimates that the computing power will be available after 12/31/2010 to perform a brute force attack on an SSL certificate that was issued with a 1024-bit key.


Some SSL vendors (GoDaddy and VeriSign) have stopped accepting Certificate Signing Requests (CSRs) with a 1024-bit key to comply with the NIST directive. Other SSL vendors, like Thawte, will still issue an SSL certificate that was generated with a 1024-bit key, but such certificates are only valid until 12/31/2010.


If you have a commercial SSL certificate that was created with a 1024-bit key, we suggest reissuing the certificate with a 2048-bit key prior to 12/31/2010. In most cases this just involves generating a CSR with a 2048-bit key and installing the new certificate. However, there are some devices, like SonicWALL's SSL VPN 200, that cannot handle a 2048-bit key. In this case, you're faced with a hardware upgrade if you want to use an SSL certificate (even a self-signed one) that was generated with a 2048-bit key.
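
One way to carry out the check-and-reissue step described above with the OpenSSL command-line tool, as an added example that is not part of the original post. The host name, file names and function names are placeholders chosen for illustration, and the 1024-bit certificate is a throwaway generated only as sample input.

```shell
#!/bin/sh
# Audit a certificate's RSA key size and, if it is too short,
# generate a fresh 2048-bit key plus CSR to send to the CA.
MIN_BITS=2048

# Print the public-key size in bits of a PEM file.
# $1 = "x509" for a certificate or "req" for a CSR, $2 = file name
key_bits() {
    openssl "$1" -in "$2" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Exit status 0 when the certificate's key is shorter than MIN_BITS.
needs_reissue() {
    bits=$(key_bits x509 "$1")
    [ -n "$bits" ] && [ "$bits" -lt "$MIN_BITS" ]
}

# Create a new private key and CSR. The key never leaves this host;
# only the CSR goes to the certificate vendor.
# $1 = key file to write, $2 = CSR file to write, $3 = subject
make_csr() {
    ( umask 077   # private key readable by its owner only
      openssl req -new -newkey "rsa:$MIN_BITS" -nodes -sha256 \
          -keyout "$1" -out "$2" -subj "$3" 2>/dev/null )
}

# Demo on constructed input: a throwaway 1024-bit self-signed
# certificate for the placeholder name legacy.example.test.
demo() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:1024 -nodes -days 1 \
        -subj "/CN=legacy.example.test" \
        -keyout "$dir/old.key" -out "$dir/old.crt" 2>/dev/null || return 1
    if needs_reissue "$dir/old.crt"; then
        make_csr "$dir/new.key" "$dir/new.csr" "/CN=legacy.example.test"
    fi
    echo "old=$(key_bits x509 "$dir/old.crt") new=$(key_bits req "$dir/new.csr")"
    rm -rf "$dir"
}

demo   # prints: old=1024 new=2048
```

On a real server, point `needs_reissue` at the installed certificate file and pass `make_csr` the subject your vendor expects.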


If you need help with upgrading any of your SSL certificates, please send us an email at
