1024-bit Migration FAQs
What is the issue?
In compliance with Certification Authority/Browser forum requirements based on NIST Special Publication 800-131A, at the end of 2013 all web browsers and Certification Authorities (CAs) will no longer sell or support 1024-bit RSA certificates. All certificates less than 2048-bit key length will need to be revoked and replaced with certificates with a higher encryption strength.
What must I do?
When renewing your certificates with Symantec, please generate a CSR for a 2048-bit RSA key; if you are an MPKI for SSL customer you can instead choose to generate a 2048-bit DSA or a 256-bit ECC key. If you have a certificate that does not expire until after December 31, 2013, you will need to go into your certificate management console to revoke and replace it with a new 2048-bit certificate before October 1, 2013.
What is RSA?
RSA is an encryption and digital signature algorithm that has been the basis for security on the
internet for nearly two decades. RSA is still a valid algorithm to use but the acceptable minimum key size has
increased with time to ensure protection from improved cryptographic attacks.
What is a 1024-bit RSA Certificate?
TLS/SSL certificates are identified by their algorithm and the size of their public keys. The larger the key, the more resistant it is to being cracked or used to decrypt protected traffic.
What are the options available?
Symantec offers the widest range of algorithm options, including not only RSA but also DSA and Elliptic Curve Cryptography (ECC signing is also known as ECDSA). RSA 2048-bit certificates are still perfectly acceptable and are available. Furthermore, 256-bit ECC certificates are also available. Custom key ceremonies are available to purchase to extend any expiring 1024-bit certificate closer to the deadline, but Symantec is unable to extend the expiration date beyond the industry-established deadline of January 1, 2014. MPKI for SSL customers can revoke and replace their 1024-bit certificates expiring in 2014 or later with another 1024-bit certificate expiring closer to the deadline without worry of revocation, but will have to renew it with a CSR (Certificate Signing Request) of 2048 bits or more afterwards. Learn more about ECC and Algorithm Agility
Table: Minimum size (bits) of Public Keys; Key Size Ratio, RSA/DSA to ECC
Why are certificates with less than 2048-bit key lengths being phased out?
In order to retain a preemptive stance against attacks, NIST guidelines have recommended ending the use of 1024-bit certificates at the end of this year. Browsers and commercial CAs within the CA/Browser Forum have decided to abide by this recommendation and created steadfast rules to proactively move end-users to higher key strengths.
What is NIST?
NIST stands for “National Institute of Standards and Technology” which is a U.S. federal
government “technology agency that works with industry to develop and apply technology, measurements, and standards.”
NIST recommendations are part of the standards ecosystem that web browsers and CAs abide by.
Have other key sizes been phased out before?
RSA-576, -640, -704, and -768 have all been “factored” (cracked/hacked) and are no longer safe to be used for TLS/SSL.
What is Symantec’s method of dealing with this?
Symantec is notifying its customers as well as the greater
security ecosystem of this change. Symantec has also made DSA and ECC algorithms available for use and purchase as
well as certificates using the RSA algorithm with 2048-bit keys.
How do I generate a CSR?
Symantec has a page available to assist in the generation of a CSR here:
Generate a new CSR
How can I find certificates with less than 2048-bit key length in my infrastructure?
For Enterprise customers, Symantec offers the
, a great tool for locating and managing all of the certificates within a security ecosystem regardless of
vendor. This is the perfect tool for companies implementing a doctrine of no-surprises/no-outages.
Is there a performance penalty for systems using RSA 2048-bit certificates?
It’s true that the use of RSA 2048-bit certificates requires more processing power on both client and server. As an alternative, Symantec offers Elliptic Curve Cryptography (ECC) with key sizes at a fraction of the number of bits RSA and DSA require, yet over 10,000 times harder to crack (256-bit ECC is the equivalent cryptographic strength of 3072-bit RSA). ECC offers stronger security with less server overhead and will help to reduce the CPU cycles required for server cryptographic operations. Since ECC is brand-new to the market, it may not be supported on all browsers and applications. We recommend installing an ECC certificate alongside an RSA certificate for externally facing web traffic to ensure that everyone can connect regardless of device configuration. Currently, this solution is only supported by Apache web servers. ECC is also only available with Symantec’s Premium Managed PKI offering.
Does this 2048-bit requirement affect the initial SSL handshake?
Yes, the initial SSL handshake will be slower and raise CPU usage compared to 1024-bit RSA. It is recommended that web application and appliance manufacturers be consulted for additional measures to assist with this cryptographic change.
Will the new certificates work with existing timestamp servers?
Yes, there should not be any issues with time stamping
due to the key size.
Do we need new code signing tools to use a 2048 CSR?
Keys for code signing certificates are sometimes generated by the browser and sometimes by special software, like “keytool” for Java code signing. Nearly all modern software supports 2048-bit key generation, although you may have to specify the key size explicitly. It is recommended to check with the vendor to be absolutely sure, as SDKs are updated; e.g. MSDN.
Is there a way to test a 2048-bit code signing certificate?
Currently, we do not have a test certificate program for code signing. We strongly recommend speaking to your account manager to get any code signing testing needs facilitated. However, if you would like to test a trial SSL certificate on your server, please download a trial at go.symantec.com/ssl-trial
When I revoke and replace a certificate expiring after Dec 31, 2013, do I have to purchase a new certificate or do we get a free replacement?
If you replace the existing certificate, there is no effect on your account, as this process allows a duplicate certificate for the same public key (same DN information) to be issued while deactivating the original certificate. With revocation, you have a 30-day window for automatic credit. For these types of scenarios, please reach out to your enterprise account manager.
What happens in the revocation process, do existing sites stop working on the revocation date?
Yes, since the certificate is revoked, your site is no longer “trusted” and may not be accessible as it will not pass authentication/verification. Once the certificate is revoked a site should be considered “untrusted” by all clients (i.e. browsers, applications, etc.) until a new SSL certificate is in place to help facilitate incoming requests.
What happens to an existing site on the revocation date?
When a website certificate is revoked, some or all of the following actions could happen:
- Browsers block visitors from coming to your website
- Customers receive security warnings before proceeding to your website
- Transactions are not protected and susceptible to fraud
- Trust Seals disappear from your website - deterring visitors from completing transactions