What Bit Length should I select in the SSL Certificate Management Tool?

Maximum website encryption protection.

In our Certificate Management tool, you can quickly and easily order a Secure Socket Layer (SSL) certificate (we offer certs from Trustwave).

During the ordering step where you are creating a Certificate Signing Request (CSR), you are asked what bit length you would like to use. The default is 2048-bit, which is the industry standard for CSRs.

The bit length essentially determines how hard the key utilized in your SSL certificate would be to crack. The key size or length is the size measured in bits of the key used in a cryptographic algorithm. The processing power of today's computers has lessened the time it takes to break the algorithms used in secure certificate private keys. 

In 2007, the laboratory that developed RSA (an algorithm for public-key cryptography that is based on the presumed difficulty of factoring large integers) claimed that 1024-bit keys would become crackable by 2010 and that 2048-bit keys would be sufficient until 2030. At the time, they also stated an RSA key length of 3072 bits should be used if security is required beyond 2030. Their findings continue to be found as factual and remain the industry standard. 

To protect ecommerce users, the Certificate Authority Browser Forum, whose members include Apple, Microsoft, DigiCert, Entrust, GeoTrust, Symantec, and Trustwave, established new standards (effective July 1, 2012) for secure certificates that require a minimum of 2048-bit keys.

Add Feedback