Google upgrading all SSL certificates to 2048-bit keys by end of 2013


Summary: Google is upgrading the certificates it uses to ensure communications with its services remain private and secure.

TOPICS: Security, Google

In line with industry trends, Google will be upgrading all its SSL certificates to 2048-bit keys by the end of 2013.

Google will begin moving to the stronger certificates from 1 August and will also change its root certificate — used to sign all its SSL certificates — which currently has a 1024-bit key.

The company announced the upgrade to ensure a smooth transition for client software that connects with Google over SSL, for example with HTTPS.

Although Google does not expect the change to cause major problems for client software, it has listed a number of examples of improper validation that could cause issues when connecting to Google over SSL, typically in the form of HTTPS.

Google notes that client software on embedded devices in phones, printers, set-top boxes, gaming consoles and cameras may require "extra steps" to avoid complications. Devices like these that don't have an update mechanism and have their own certificate validation, separate from the underlying OS, may have hard-coded the Root they expect to see, Google notes in the FAQ.

Windows Vista, 7 and 8 machines could also face teething problems, according to Google. "Windows Vista, 7 and 8 will phone home to get updated Roots if the chain goes back to a Root they do not recognise. XP does not, but the latest updated version does trust the root certificate we will be using," Google said.

Google's move to SSL certificates with 2048-bit keys is in line with an industry shift away from 1024-bit keys.

The Certificate Authority/Browser Forum has required that certificate authorities only issue certificates with a minimum 2048-bit length by 1 January 2014, since 1024-bit keys are at risk of being compromised by hackers using computers with more powerful processing capabilities.


Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelor's degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full-time freelance technology journalist who writes for several publications.

  • All Kind Of Moot...

    ...until someone comes up with a more robust TLS/SSL trust model that doesn't require every browser to trust every CA for every domain.
  • Is there a certificates for dummies

    That goes over how to implement certificates in a small business setup that has their own internal mail server, FTP/File sharing site, etc... Everything I've found is either "buy it and just plug it in" or "let's start with the theory of random number encryption".
    • Re: own internal mail server, FTP/File sharing site, etc

      For use only by your own staff, or the general public?
    • What is your platform?

      Windows, Linux, ??? And what are your mail server/FTP server?
    • Back up a level

      I'm looking for non system specific information
  • Yes 1024 will not work anymore from Aug 2013

    As per Symantec and CA Authority Announcement, 1024-bit SSL will not work anymore, so everyone has to upgrade their old 1024-bit SSL certificate to 2048-bit SSL.