As you may know, the National Institute of Standards and Technology (NIST) has declared that an SSL certificate issued with a key of 1024 bits or fewer will no longer be viable after 12/31/2010. Why? Because NIST estimates that after 12/31/2010 the computing power will be available to perform a brute-force attack on an SSL certificate that was issued with a 1024-bit key.
Some SSL vendors (GoDaddy and VeriSign) have stopped accepting Certificate Signing Requests (CSRs) with a 1024-bit key to comply with the NIST directive. Other SSL vendors, like Thawte, will still issue an SSL certificate that was generated with a 1024-bit key, but it is only valid until 12/31/2010.
If you have a commercial SSL certificate that was created with a 1024-bit key, we suggest reissuing the certificate with a 2048-bit key prior to 12/31/2010. In most cases this just involves generating a CSR with a 2048-bit key and installing the new certificate. However, some devices, like SonicWALL’s SSL VPN 200, cannot handle a 2048-bit key. In this case, you’re faced with a hardware upgrade if you want to use an SSL certificate (even a self-signed one) that was generated with a 2048-bit key.
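The reissue step described above, as an added example that is not part of the original post: a shell script using the OpenSSL command line that flags PEM certificates or CSRs whose key is shorter than 2048 bits and generates a new 2048-bit key and CSR. The script name, file names and subject string are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: audit certificate/CSR key sizes, then create a 2048-bit CSR.
# Assumes the openssl command-line tool is installed.
MIN_BITS=2048

# Print the public-key size in bits of a PEM certificate or CSR.
key_bits() {
    kind=x509
    grep -q 'CERTIFICATE REQUEST' "$1" 2>/dev/null && kind=req
    # Matches "Public-Key: (N bit)" and the older "RSA Public Key: (N bit)".
    openssl "$kind" -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Exit status: 0 = key meets MIN_BITS, 1 = too short, 2 = could not be parsed.
check_key() {
    bits=$(key_bits "$1")
    if [ -z "$bits" ]; then
        echo "UNREADABLE $1"
        return 2
    fi
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "WEAK $1: $bits-bit key, reissue with $MIN_BITS bits"
        return 1
    fi
    echo "OK $1: $bits-bit key"
}

# Write NAME.key (new private key, readable by its owner only) and NAME.csr.
# $1 = output base name, $2 = subject, e.g. "/CN=www.example.test" (placeholder).
new_csr() {
    ( umask 077
      openssl req -new -newkey "rsa:$MIN_BITS" -nodes \
          -keyout "$1.key" -out "$1.csr" -subj "$2" 2>/dev/null )
}

# Usage (hypothetical script name): sh keyaudit.sh cert1.pem cert2.pem ...
for f in "$@"; do
    check_key "$f" || true
done
```

Submit the resulting `.csr` file to the certificate vendor and keep the `.key` file on the server; a device that cannot load the 2048-bit key will fail at install time, not at CSR generation.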
If you need help with upgrading any of your SSL certificates, please send us an email at info@adscon.com.