Key length: 512, 1024 or 2048

Since January 1st, 2011 all certificates must be generated with a 2048 bit (or more) public key.

The use of 512-bit key is forbidden. Factoring RSA is doable for this length (512-bit has been factorized in August 1999, current record=768-bit). 1024-bit keys will soon be vulnerable and we will then have to stop using them.

The ANSSI (former DCSSI) made it mandatory to use 1536-bit (or higher size) keys since January 1st, 2009 and to use 2048-bit keys since January 1st, 2011.

The NIST recommands not to trust keys less than 2048-bit long since January 1st, 2011.

See the keylength website.

WARNING: you have to think about the consequences of the 2048-bit upgrade on your CPU consumption. The upgrade on already loaded equipment is sensitive.

See also:

• http://www.schneier.com/blog/archives/2007/05/307digit_number.html

Find out more about obtaining a server certificate and creating a certificate request : CRS click here