Sep 11, 2012 7:00:00 AM
Microsoft Security Update: Digital Certificate Key Length Minimum 1,024 Bits

Microsoft security update to block access to digital certificates that have a key length of less than 1,024 bits on 10/9/12

In a world where speed and simplicity are preferred, the size of a certificate key is nowhere to skimp. The strength of a digital certificate is primarily based on the length of the key. Microsoft issued a warning to all Windows Administrators: all digital certificates must have a key length of at least 1,024 bits. Certificates containing key lengths shorter will be automatically declined beginning October 9, 2012 as a result of an automatic security update for Windows.

Still securing apps/websites with certificates bearing key lengths less than 1,024 bits? What exactly will be affected:

  • Broken web links (Internet Explorer connection to pages blocked)
  • Windows Certificate authority service unable to start
  • ActiveX controls could be blocked
  • Users may be unable to install applications
  • Outlook 2010 not able to encrypt or digitally sign emails/communicate with an Exchange server for SSL/TLS communications
  • Operations Manager unable to monitor--or discover new instances of--any HP-UX PA-RISC computers *

Download the update kit here.

Resources:

*Microsoft Warns Of Looming Digital Certificate Deadline

RSA keys under 1024 bits are blocked (part 1)

Blocking RSA Keys less than 1024 bits (part 2)

Blocking RSA keys less than 1024 bits (part 3)