1. /
  2. 1024-bit Migration FAQs
1024-bit Migration FAQs

1024-bit Migration FAQs

1024-bit Migration FAQs

What is the issue?

In compliance with Certification Authority/Browser forum requirements based on NIST Special Publication 800-131A, at the end of 2013 all web browsers and Certification Authorities (CAs) will no longer sell or support 1024-bit RSA certificates. All certificates less than 2048-bit key length will need to be revoked and replaced with certificates with a higher encryption strength.
Read the full NIST Special Publication 800-131A.

What must I do?

When renewing your certificates with Symantec please generate a CSR for a 2048-bit RSA key, or if you are an MPKI for SSL customer you can choose to generate a 2048-bit DSA, or a 256-bit ECC key. If you have a certificate that does not expire until after December 31, 2013, you will need to go into your certificate management console to revoke and replace your certificate with a new 2048-bit certificate before October 1, 2013.

What is RSA?

RSA is an encryption and digital signature algorithm that has been the basis for security on the internet for nearly two decades. RSA is still a valid algorithm to use but the acceptable minimum key size has increased with time to ensure protection from improved cryptographic attacks.

What is a 1024-bit RSA Certificate?

TLS/SSL Certificates are identified by their algorithm and the size of their public keys. The larger the key, the more resistant the key is to hacking or decryption.

What are the options available?

Symantec offers the widest range of algorithm options that not only include RSA but also DSA and Elliptical Curve Cryptography (ECC signing is also known as ECDSA). RSA 2048-bit certificates are still perfectly acceptable and are available. Furthermore, 256-bit ECC certificates are also available. Custom key ceremonies are available to purchase to extend any expiring 1024-bit certificate closer to the deadline but Symantec is unable to extend the expiration date beyond the industry-established deadline of January 1, 2014. MPKI for SSL customers can revoke and replace their 2014+ 1024-bit certificates with another 1024-bit certificate expiring closer to the deadline without worry of revocation but will have to renew it with a CSR (Certificate Signing Request) of 2048 bits or more afterwards. Learn more about ECC and Algorithm Agility.
Minimum size (bits) of Public Keys Key Size Ratio
Security (bits) DSA RSA ECC RSA/DSA to ECC
112 2048 2048 N/A 1:09
128 3072 3072 256-383 1:12
192 7680 7680 384-511 1:20

Why are certificates with less than 2048-bit key lengths being phased out?

In order to retain a preemptive stance against attacks, NIST guidelines have suggested the end of use of 1024-bit certificates at the end of this year. Browsers and Commercial CAs within the CA/Browser Forum have decided to abide by this recommendation and created steadfast rules to proactively convert end-users to higher levels of signing.
Additional resources are below:
Mozilla’s CA Certificate Maintenance Policy
Microsoft’s Root Certificate Program

What is NIST?

NIST stands for “National Institute of Standards and Technology” which is a U.S. federal government “technology agency that works with industry to develop and apply technology, measurements, and standards.” NIST recommendations are part of the standards ecosystem that web browsers and CAs abide by.

Have other key sizes been phased out before?

RSA-576, -640, -704, & -768 have all be “factored” (cracked/hacked) and are no longer safe to be used for TLS/SSL.

What is Symantec’s method of dealing with this?

Symantec is notifying its customers as well as the greater security ecosystem of this change. Symantec has also made DSA and ECC algorithms available for use and purchase as well as certificates using the RSA algorithm with 2048-bit keys.

How do I generate a CSR?

Symantec has a page available to assist in the generation of a CSR here: Generate a new CSR

How can I find certificates with less than 2048-bit key length in my infrastructure?

For Enterprise customers, Symantec offers the Certificate Intelligence Center, a great tool for locating and managing all of the certificates within a security ecosystem regardless of vendor. This is the perfect tool for companies implementing a doctrine of no-surprises/no-outages.

Is there a performance penalty for systems using RSA 2048-bit certificates?

It’s true that the use of RSA 2048-bit certificates requires more processing power on both client and server. As an alternative, Symantec offers Elliptical Curve Cryptography (ECC) with key sizes at a fraction of the number of bits RSA and DSA require, yet over 10,000 times harder to crack (256-bits for ECC is the equivalent cryptographic strength of 3072-bits RSA). ECC offers stronger security with less server overhead and will help to reduce CPU cycles required for server cryptographic operations. Since ECC is brand-new to the market, it may not be supported on all browsers and applications. We recommend installing an ECC certificate alongside an RSA certificate for outside facing web traffic to ensure that everyone can connect regardless of device configuration. Currently, this solution is only supported by Apache web servers. ECC is also only available with Symantec’s Premium Managed PKI offering.

Does this 2048-bit requirement affect the initial SSL handshake?

Yes, the SSL initial handshake will be slower and raise CPU usage compared to 1024-bit RSA. It is recommended that web application and appliance manufacturers be consulted for additional measures to assist with this cryptographic change.

Will the new certificates work with existing timestamp servers?

Yes, there should not be any issues with time stamping due to the key size.

Do we need new code signing tools to use a 2048 CSR?

Keys for code signing certs are sometimes generated by the browser and sometimes by special software, like “keytool” for Java code signing. Nearly all modern software supports 2048-bit key generation, although you may have to specify the key size explicitly. It is recommended to check with the vendor to be absolutely sure as SDK's are updated; e.g. MSDN.

Is there a way to test a 2048-bit code signing certificate?

Currently, we do not have a test certificate program for code signing. We strongly recommend speaking to your account manager to get any code signing testing needs facilitated. However if you would like to test a trial SSL certificate on your server please download a trial at go.symantec.com/ssl-trial.

When I revoke and replace a certificate expiring after Dec 31, 2013, do I have to purchase a new certificate or do we get a free replacement?

If you replace the existing certificate, there is no effect to your account as this process allows for a duplicate public key to be issued (same DN information) while deactivating the original certificate. With revocation, you have a 30-day window for automatic credit. For these types of scenarios, please reach out to your enterprise account manager.

What happens in the revocation process, do existing sites stop working on the revocation date?

Yes, since the certificate is revoked, your site is no longer “trusted” and may not be accessible as it will not pass authentication/verification. Once the certificate is revoked a site should be considered “untrusted” by all clients (i.e. browsers, applications, etc.) until a new SSL certificate is in place to help facilitate incoming requests.

What happens to an existing site on the revocation date?

When a website certificate is revoked, some or all of the following actions could happen:
  • Browsers block visitors from coming to your website
  • Customers receive security warnings before proceeding to your website
  • Transactions are not protected and susceptible to fraud
  • Trust Seals disappear from your website - deterring visitors from completing transactions