Comodo SSL Lock 1 Reading Time: 2 minutes

SSL CertificateWith the continued evolution of modern day super-computers and processing power, there exists the chance, albeit remote, that hackers could acquire the raw processing power to brute force 1024 bit RSA keys within the next 20 years. As a preemptive measure against this possibility, the National Institute of Standards (NIST) and Certificate Authority/Browser (CA/B) forum has mandated that all SSL certificates must have a minimum key length of 2048 bits from 1st January 2014. Comodo advises all our customers to check the key length of their SSL Certificate and takes steps to replace it if required.

How do I discover the key size on my certificate?

The fastest way to do this is to enter your domain in the Comodo SSL analyzer at sslanalyzer.comodoca.com/. You need to check out the ‘Key’ row. If it states 2048, you are safe. If it is a number lower than 2048 bit (for example 1024), then you need to upgrade before Dec 31st 2013.

How do I upgrade my 1024 bit SSL?

  • Certificates expiring on or before 31st December must be renewed with a 2048 bit certificate signing request (CSR)
  • Certificates expiring after 31st December can be replaced for FREE up to the validity period of the original certificate. To do this, you must first generate a new 2048 bit CSR on using your web-server software with the same details as your current certificate. Next,
  • Login at support.comodo.com and create a support ticket requesting that your certificate is replaced with a 2048 bit certificate. Please remember to mention your order number, domain name, web-server software and to attach your 2048 bit CSR to the ticket.
  • OR
  • If you have an EPKI or web host reseller account then login, locate the certificate order in question and click the ‘Replace’ link. This will open an order form which will allow you to submit your updated CSR.

Click the links below if you need help generating a new CSR on specific web server types:

  • Apache
  • Microsoft IIS 5 & 6
  • Microsoft IIS 7
  • Microsoft Exchange server 2010 (Certificate Wizard)
  • Java Based Web Servers (Tomcat) using keytool
  • Office Communications Server 2007
  • cPanel 11
  • Apple OSX Server 10.5 & 10.6
  • Other Web Servers

Click the links below for help installing your new certificate

  • Apache
  • Microsoft IIS 5 & 6
  • Microsoft IIS 7
  • Microsoft Exchange server 2010 (Certificate Wizard)
  • Java Based Web Servers (Tomcat) using keytool
  • Office Communications Server 2007
  • cPanel 11
  • Other Web Servers

For more information about Comodo SSL certificates, visit: www.positivessl.com

Comodo SSL solution experts can be contacted directly by emailing sales@comodo.com

START FREE TRIAL GET YOUR INSTANT SECURITY SCORECARD FOR FREE