Google upgrading all SSL certificates to 2048-bit keys by end of 2013

Google is upgrading the certificates it users to ensure communications with its services remain private and secure.

In line with industry trends, Google will be upgrading all its SSL certificates to 2048 bit keys by the end of 2013.

Google will begin moving to the stronger certificates from 1 August and will also change its root certificate — used to sign all its SSL certificates — which currently has a 1024-bit key.

The company announced the upgrade to ensure a smooth transition for client software that connect with Google over the SSL, for example with HTTPS.

Although Google does not expect the change to cause major problems for client software, it has listed a number of examples of improper validation that could cause issues when connecting to Google over SSL, typically in the form of HTTPS.

Google notes that client software on embedded devices in phones, printers, set-top boxes, gaming consoles and cameras may require "extra steps" to avoid complications. Devices like these that don't have an update mechanism and have their own certificate validation separate to the underlying OS may have hard-coded the Root it expects to see, Google notes in the FAQ.

Windows Vista, 7 and 8 machines could also face teething problems, according to Google. "Windows Vista, 7 and 8 will phone home to get updated Roots if the chain goes back to a Root they do not recognise. XP does not, but the latest updated version does trust the root certificate we will be using," Google said.

Google's move to SSL certificates with 2048 bit length keys is inline with an industry shift away from 1024 bit keys.

The Certificate Authority/Browser Forum has required that certificate authorities only issue certificates with a minimum 2048-bit length by 1 January 2014, since 1024 bit keys are at risk of being compromised by hackers using computers with more powerful processing capabilities.