New Certificate/Browser (CA/B) Forum Industry Standard Set to Begin on January 1st, 2014
As per the new rule agreed upon at the Certificate/Browser (CA/B) forum, the governing body for the SSL industry, all active, issued security certificates must be signed with 2048-bit encryption beginning January 1st, 2014. This new standard was suggested by the National Institute of Standards and Technology (NIST) and is a pre-emptive response to the growing sophistication of hackers and super computers, as doubling the encryption on SSL certificates will continue to ensure the security of websites for many years to come.
Overall, this is good news for the industry, as it simply means that SSL is getting stronger. However, certain measures will need to be taken by customers who have a domain protected by an active 1024-bit certificate. For customers who aren’t exactly sure what type of encryption their website’s SSL certificate boasts, here is a helpful link.
If a 1024-bit SSL certificate is expiring before January 1st, 2014, all a customer will have to do is simply use a 2048-bit Certificate Signing Request (CSR) during the renewal process. However, if a 1024-bit SSL certificate is expiring any time after January 1st, 2014, extra measures need to be taken. The active certificate will need to be revoked and reissued before October 1st, 2013. The reason for the early date is because Certification Authorities want to ensure that their customers’ websites remain up and running uninterrupted during the tumultuous holiday shopping season.
Revoking and reissuing an SSL cert can be done manually or by your certificate provider. This process is completely free and will allow customers to get all of the remaining time on their certificate with 2048-bit encryption strength. SSL customers will also want to first check and make sure that their server can support a 2048-bit certificate. Most servers are equipped to handle this level of encryption, but in certain cases, this may be an issue.
It is extremely important that customers with active 1024-bit certificates complete these steps before the designated deadlines, as failure to do so will result in browsers not recognizing their company websites. The process of revoking/reissuing can be completed in a matter of minutes and is well worth the time, as it will ensure a safer online experience for web-users and will help companies avoid any downtime on their websites.