What you should know about the planned change to Windows certificate requirements in October 2012: Security Advisory 2661254

This morning, the Microsoft Security Response Center published its monthly security bulletins.  One thing you should do, if you haven’t already, is evaluate your environments for dependencies on certificates with RSA key length less than 1024 bits. In October the bar gets raised on certificate requirements in an effort to help create a safer more trusted Internet for everyone. 

You can read all the details of the new requirements in this advisory published back on August 14, 2012: Microsoft Security Advisory (2661254), Update For Minimum Certificate Key Length

It’s important to evaluate environments and reissue certificates where existing ones no longer meet the new minimum certificate requirements.  Otherwise you might encounter known issues that could impact email (S/MIME), Web (https), as well as signed ActiveX controls and Applications. To help with the transition, I strongly recommend evaluating your environments with the update provided in Security Advisory (2661254). Should you experience challenges with the update, Knowledge Base article 2661254 has been created with resolutions for known issues.   I also recommend reading the Windows PKI blog post on these changes, located here: http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx.

Tim Rains
Trustworthy Computing

About the Author
Tim Rains

Director, Security

Tim Rains is Director, Security at Microsoft where he helps manage marketing communications for Microsoft Cloud & Enterprise security, identity, and enterprise mobility products and services. Formerly, Tim was Chief Security Advisor of Microsoft’s Enterprise Cybersecurity Group where he helped Read more »