Google announced this week that it has begun upgrading its SSL certificates from 1024-bit keys to 2048-bit keys, a move that should help add an extra layer of security for anyone who uses the search giant’s services.
According to a post on Google’s Developers blog by Identity Team member Tim Bray Tuesday, the company is also planning to change its certificate chain.
All switches should be completed by the end of 2013.
Bray adds that some users, those who may use an old, “home-compiled version of OpenSSL with an out-of-date CA database” may have trouble with the changeover. Those who have embedded-client software – in certain types of phones, printers, set-top boxes, gaming consoles, and cameras – may also encounter some difficulties over the next several months as well.
Essentially any device that does not follow proper certificate validation or hard-codes the root could be affected.
Google announced it was planning to update its certificates on August 1 back in May – so it appears the company got an early jump on the project. At that time, Stephen McHenry, Google’s Director of Information Security Engineering claimed it was also going to change the root certificate to fall in line with the rest of the 2048-bit certificates.
Google’s Internet Authority has a complete rundown of the changes taking place and a F.A.Q. for anyone concerned the switch may cause a lapse in their internet connectivity.
“Certificates can change on a moment’s notice, and software that uses them must be prepared to deal with that,” Google reminds users in the F.A.Q.