What you should know about the planned change to Windows certificate requirements in October 2012: Security Advisory 2661254

This morning, the Microsoft Security Response Center published its monthly security bulletins. One thing you should do, if you haven’t already, is evaluate your environments for dependencies on certificates with RSA key lengths of less than 1024 bits. In October, the bar gets raised on certificate requirements in an effort to help create a safer, more trusted Internet for everyone.

You can read all the details of the new requirements in this advisory, published back on August 14, 2012: Microsoft Security Advisory (2661254), Update For Minimum Certificate Key Length.

It’s important to evaluate your environments and reissue certificates where existing ones no longer meet the new minimum certificate requirements. Otherwise, you might encounter known issues that could impact email (S/MIME) and Web (HTTPS) traffic, as well as signed ActiveX controls and applications. To help with the transition, I strongly recommend evaluating your environments with the update provided in Security Advisory (2661254). Should you experience challenges with the update, Knowledge Base article 2661254 has been created with resolutions for known issues. I also recommend reading the Windows PKI blog post on these changes, located here: http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx.

Tim Rains
Director
Trustworthy Computing
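
One way to start the evaluation recommended above is to inventory the local certificate stores for RSA keys shorter than 1024 bits. The script below is an added example, not code from the advisory or from Microsoft; the function name `Get-RsaKeyBits` and the output column names are hypothetical, and it assumes Windows PowerShell with the built-in `Cert:` provider.

```powershell
# Added example: list certificates in the local Windows certificate stores
# whose RSA public key is shorter than the 1024-bit minimum.
$MinimumBits = 1024                     # threshold stated in the advisory
$RsaOid      = '1.2.840.113549.1.1.1'   # OID of the rsaEncryption key algorithm

# Hypothetical helper: returns the RSA modulus size in bits, or $null when
# the certificate does not carry an RSA key or the key cannot be decoded.
function Get-RsaKeyBits {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    if ($Certificate.PublicKey.Oid.Value -ne $RsaOid) { return $null }
    try {
        return $Certificate.PublicKey.Key.KeySize
    } catch {
        return $null                    # unsupported or malformed public key
    }
}

# Walk every store under CurrentUser and LocalMachine; store containers are
# skipped by keeping only X509Certificate2 objects.
$weak = Get-ChildItem -Path Cert:\ -Recurse |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    ForEach-Object {
        $bits = Get-RsaKeyBits -Certificate $_
        if ($null -ne $bits -and $bits -lt $MinimumBits) {
            New-Object PSObject -Property @{
                Store         = ($_.PSParentPath -replace '^.*::', '')
                KeyBits       = $bits
                HasPrivateKey = $_.HasPrivateKey   # True: issued to this host, reissue it
                NotAfter      = $_.NotAfter        # still valid or already expired
                Thumbprint    = $_.Thumbprint
                Subject       = $_.Subject
            }
        }
    }

# Shortest keys first; fixed column order for reports.
$weak |
    Sort-Object KeyBits, Store |
    Select-Object Store, KeyBits, HasPrivateKey, NotAfter, Thumbprint, Subject |
    Format-Table -AutoSize
```

This covers only certificates installed in the stores of the machine and user it runs as; certificates presented by remote servers or embedded in signed files and S/MIME messages need to be checked separately.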
