We have our own CA which we've used for years to create hundreds of server certs and thousands of client certs. The CA cert itself is 1024bit and the certs it signed are 1024bit
Symantec has been sending out emails to us regarding this "change now to 2048bit certs" due to some relationship we have with external certs we use, which has now got me worried.
What will happen in Oct? Will OS vendors push out software updates that DISABLE their own ability to interact with 1024bit certs? If so, we have a serious problem as we'll have to replace thousands of certs ASAP
Replacing client certs and the CA cert itself for new 2048bit ones will be a manual nightmare. Originally that had to be done manually for all platforms other than Windows (thank you Microsoft for GPOs!), so does this change require us to also replace the CA, or would having that existing 1024bit CA cert signing 2048bit client/server certs be enough to "work around" the issue
Microsoft pushed an update in October of 2012 that made SSL certificates under 1024-bits not validate as secure. That particular update also removed weak-key validation for any certificates in the chain, which would include older Authorities signed with weak keys. The question is, will they do so again for 2048-bit certificates, and if so how soon?
They definitely will do so, but there is no guidance on how soon that may happen. It could be next year, it could be five years from now. When they did it last time they gave us a month's notice, but best-practice had been to use 2048 bit certificates for some time.
What is happening is that the Certificate Authorities are moving to stronger certificates, and external SSL checkers are going to start complaining about weak certificates when they run into 1024bit ones. Certain high-profile vendors are doing so as well.
This is your sign to start the manual process of upgrading your central certificate to something stronger. It'll take a long time, probably a couple years, but it can be done smoothly now rather than in a panic when the formal deprecation notice arrives.
As a side note, those of us who, erm, created internal authorities for use entirely internally and just used the default key-size for whatever PKI we picked, and decided to avoid the re-keying fiasco by setting the expiry date on that default-key-size certificate to 2030? We, ahm, kinda made a mistake there.
Sure, we kept that key on a printed piece of paper in a bank vault requiring biometric access. But if brute-force methods allow a perp to completely factor the key in 2015, all that fun protection is meaningless. This is the lesson we're learning now.
Re-keying fiasco commencing.