Problem with SSL

Submitted by spool on Wed, 12/12/2012 - 15:16

The following message popped up today:

Your system is using an SSL certificate that is only 1024 bits long, which is smaller than the recommended size of 2048 bits. This certificate was issued by US to avenue.org for the domain avenue.org.

All the documentation for upgrading to 2048 is dated prior to 2010 and our server has been running fairly smoothly since mid-2009.

I clicked on "Request New Certificate" without success.

Our certificate was purchased from goDaddy and doesn't expire until next year. I'm working in the dark because it was originally installed by a consultant who is no longer available.

Any advice is appreciated.

Stella Pool avenue.org Charlottesville, VA

Status: 
Active

Comments

Submitted by andreychek on Wed, 12/12/2012 - 15:24

Howdy -- you can always wait until next year to resolve that issue. It just means you'd be using a 1024 bit key in the meantime.

Next year, when your SSL certificate expires, we'd recommend generating a new one that is 2048 bits.

To do that, when you go into Server Configuration -> Manage SSL Certificate -> Signing Request to generate your CSR, just make sure that "RSA key size" is set to 2048 (which should be the default).

Submitted by JamieCameron on Wed, 12/12/2012 - 15:44

Also, be aware that some browsers like IE 10 don't support certs smaller than 2048 bits.

Submitted by spool on Wed, 12/12/2012 - 16:30

Are you saying there is no way to fix it right away?

I understand the need for a 2048 certificate. What I don't understand is why this message suddenly popped up today and not when the certificate was installed since 2048 has been the standard for a couple of years.

Stella

Submitted by andreychek on Wed, 12/12/2012 - 16:38

The only way to fix it is to generate a new CSR, and then obtain a new SSL certificate from your provider. That's simplest to do whenever you're renewing the SSL cert.

That message popped up now, as detection for lower bit keys just went into Virtualmin 3.97. So you probably just upgraded to the newest Virtualmin version :-)

Submitted by spool on Wed, 12/12/2012 - 17:01

That explains it. I had a couple other warning messages but was able to resolve them. Thanks for the clarification.

Stella