Confirm, administrator
5,526
edits
Changes
→Dates for Phasing out MD5-based signatures and 1024-bit moduli
** CAs who continue to issue certificates with RSA key size smaller than 2048 bits must use randomness in the serial number or in one of the fields in the DN.
* '''December 31, 2013''' – Mozilla will disable begin disabling or remove removing all root certificates with RSA key sizes smaller than 2048 bits. Note that there were some long-lived SSL certs that were issued before this policy was put in place, as long as the Mozilla CA Cert Policy continues to be followed and there is no evidence of breaches regarding these certs, they will be allowed to expire before the root is removed.
Caveats to proposed dates:
