Skip to main content

Weak keys

Related errors

  • "RSA key strength - Use an SSL certificate with an RSA key size of 2048 bits or larger."

  • "ECC key strength - Use an SSL certificate with an ECC key size of 233 bits or larger."

Problem

Continued use of weak keys in certificates puts your clients' sensitive data at risk. Exhaustive key searches or brute force attacks against certificates with weak keys are dangerous to network security.

As computational power increases, so does the need for stronger keys. The current acceptable key strength for an RSA (Rivest-Shamir-Adleman) key is 2048 bits. DigiCert only issues certificates with an RSA key of 2048 bits or higher. The current acceptable key strength for an ECC (Elliptical Curve Cryptology) key is 233 bits.

Solution

Reissue or renew your certificates either with an RSA key of 2048 bits (or higher) or an EEC key of 233 bits (or higher).