200609: Verisign does not certifies 512 bits public keys anymore
As of September 2006, VeriSign won't deliver certificates generated from 512-bit public keys anymoreThe minimum key length was 512-bit. It is now considered by specialists as insufficient. The new required length is 1024-bit. The goal being to increase security.
The public key is created by your software when generating the CSR (see Obtain a server certificate). In this process you have the choice of the key length. From now on, select 1024-bit (TBS interface displays an alert since early 2006 when you provide a CSR created from a 512-bit key).
Some old software (more than 5 years old) do not permit to create keys longer than 512-bit. If it is your case, your existing Thawte certificate won't be renewable and you won't be able to order new certificates.
In this situation, 2 scenarii:
- contact your software supplier to get 1024-bit-compatible version
- contact us, we may help you find a certificate from an other brand, still accepting 512-bit
- MS IIS 4 SP6
- MS IIS 5 SP2+
- MS IIS 6
- Apache SSL and ModSSL (and any product using openssl for the keys generation)
Last edited on 05/06/2013 13:24:36 --- [search]