1024-bit Certificate Revocation and Re-issue Guidance


1024-bit Certificate Revocation

From 31st December 2013 All 1024-bit SSL certificates will no longer be accepted by any browser. In preparation for this RapidSSL, Geotrust, Thawte and Symantec SSL certificates that expire after 31 December 2013 will be revoked on or shortly after 1st October 2013. This step is being taken because 1024-bit is no longer considered secure. All SSL certificates must now be a minimum of 2048-bit.

Re-issue Your Certificate

If you have a 1024-bit certificate which expires after 31st December 2013 then you will have to re-issue your certificate. There is no charge to re-issue your certificate. You will need to generate a new CSR request that is a minimum of 2048-bit.

To re-issue a Geotrust or RapidSSL certificate please click here

To re-issue a Thawte certificate please click here

To re-issue a Symantec or VeriSign certificate please click here

You will need to enter your domain name and the contact email address used within your order. Once you click submit you will see a list of orders for that domain. Click on [Request Access] for the latest order.

You will then receive an email titled “Order Information Request for [domain]”. Within this email is a link to view and manage your order. Click this link. Once you are in the User portal you need to click the “Reissue Certificate” link (see image below).

Reissue SSL Certificate

You will then be asked to supply a new CSR which is at least 1024-bit. The domain in the CSR must exactly match that of the original certificate. Once approved a new SSL certificate will be issued to you to install on your server.

1024-bit Revocation FAQ

How do I check if my SSL certificate is 1024-bit?

We recommend you visit Qualys SSL Labs and enter your SSL domain. On the results look under Server Key and Certificate. If the Key says RSA 1024 bits and it expires after 31st December 2013 then you must replace your certificate.

Why are 1024-bit certificates being revoked?

Due to advances in computer technology and processing speeds 1024-bit certificates are no longer considered secure. Therefore this step is being taken to force administrators to update their certificates to the new minimum standard.

Why was I not informed about the revocation?

The certificate authorities have sent emails to the SSL certificate order contacts and widely publicised this. 1024-bit certificates have also not been issued for the last 24 months. Therefore this is only affecting users who have certificates of long duration.

Can I just renew my certificate instead?

If there is less than 90 days remaining on your certificate then you can instead renew the certificate and the remaining days will be added to your new certificate. You can renew your SSL certificate with ServerTastic.

How do I generate a new CSR?

Instructions on how to do this are dependent on your operating system and/or control panel. Instructions for most major systems are available here.

Can you provide assistance with generating a new certificate?

We can generate the CSR for you and supply the corresponding private key and certificate file. There is an administration charge of $50.00 to do this. Please contact us if you require this service.

I have more questions and need more help!

You can ask your questions publicly via the comments below or if you need private assistance you can contact ServerTastic.

Related Articles