Vendor plans to revoke certs using anything other than 2048-bit keys by the end of the year

If customers don’t revoke weak SSL certs soon, Symantec will do it for them. Everyone else is advised to do so by December 31.

In a company blog post, vice president of Symantec Trust Services, Tom Powledge, said that in order to “help its customers” during the holiday season, Symantec will revoke SSL certificates that are using something other than 2048-bit keys.

The security giant is making this move as a preemptive measure against the pending December 31 deadline imposed by the Certification Authority/Browser (CA/B) Forum and the National Institute of Standards and Technology (NIST) for Certificate Authorities to halt the issuance of 1024-bit certificates.

The reason for the change is technical. Simply put, the CA/B and NIST realized that as computing power expands, the strength of certificates needs to grow too, or else they can become vulnerable to compromise by determined attackers. In 2011, the CA/B updated their Baseline Requirements to address weak SSL certificates, in addition to other things such as the length of time they’re valid.

In August, Google started switching all of their certificates to 2048 bits, following plans outlined in May, which include issuing a new root certificate as the previous one used a 1024-bit key. Google is the first of many companies following the CA/B guidance. Others planning to make the switch, if they haven’t already, include Mozilla, Apple, Microsoft and Opera.

According to their timeline, Symantec says that customers with SSL certificates of less than 2048 bits that expire before December 31 will not have them revoked automatically on October 1. However, when they’re renewed, they must be at least 2048 bits. All other customers with SSL certificates of less than 2048 bits that expire after December 31 will have the next 16 days to revoke and replace them, before Symantec revokes them.

“If you do not act before your certificate is revoked, it could lead to any number of less-than-ideal situations: browsers blocking visitors from your website, customers receiving security warnings before visiting, transactions left unprotected and susceptible to fraud, and Trust Seals disappearing from your website,” Symantec warned.

Symantec customers who wish to test their certificates to see if they’ll need to be upgraded can do so here.