{"id":431,"date":"2014-09-15T01:55:16","date_gmt":"2014-09-15T09:55:16","guid":{"rendered":"https:\/\/cheapsslsecurity.com\/blog\/?p=431"},"modified":"2021-01-26T09:13:19","modified_gmt":"2021-01-26T17:13:19","slug":"mozilla-firefox-protest-1024-bit-certificates","status":"publish","type":"post","link":"https:\/\/cheapsslsecurity.com\/blog\/mozilla-firefox-protest-1024-bit-certificates\/","title":{"rendered":"Mozilla Firefox to Protest 1024-bit Certificates"},"content":{"rendered":"<p style=\"text-align: justify;\">Recently, Mozilla launched <strong>Firefox 32.0<\/strong>. This new version is all about enhanced security and upgraded safety features.<\/p>\n<p style=\"text-align: justify;\">As per Mozilla\u2019s <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/Projects\/NSS\/NSS_3.16.3_release_notes#Notable_Changes_in_NSS_3.16.3\"><b>NSS (Network Security Service)\u2019s report<\/b><\/a>, they have ended their support of certificates with 1024-bit encryption strength and removed all such certificates and Code Signing certificates from their <a href=\"https:\/\/www.mozilla.org\/en-US\/firefox\/32.0\/releasenotes\/\"><b>trust bits<\/b><\/a>. And as a result of this elimination, Firefox will show an \u201cUntrusted Connection\u201d error for any website or software protected by certificates with encryption strength less than 2048-bit.<\/p>\n<p style=\"text-align: justify;\"><strong>Mozilla<\/strong> intends to cater to a more secure browsing environment for its users. Therefore, it is encouraging all website owners and admins to migrate from 1024-bit SSL certificates to more secure versions with 2048-bit encryption strength.<\/p>\n<p style=\"text-align: justify;\"><strong>1024-bit SSL certificates<\/strong> have been found to be vulnerable against advanced and innovative cyber-attacks being carried out by hackers. However, it is difficult and near impossible for attackers to compromise 2048-bit SSL certificates, which have a much longer key strength.<\/p>\n<p style=\"text-align: justify;\"><img decoding=\"async\" class=\"aligncenter wp-image-435\" src=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2014\/09\/firefox.jpg\" alt=\"Firefox SSL\" width=\"494\" height=\"309\" \/>In Firefox 32.0, Mozilla has turned off support for 1024-bit SSL and code signing certificates. They are no longer being preferred by industry experts, not only because they are insecure or less trustworthy, but also due to some of the factors listed below:<\/p>\n<ol style=\"text-align: justify;\">\n<li>As per Certification Authority\/Browser (CA\/B) Forum guidelines, 2048-bit SSL certificate is mandatory from January 2014.<\/li>\n<li>Encryption strength of 1024-bit SSL certificates is far inferior compared to 2048-bit SSL certificates.<\/li>\n<li>Mozilla considers 1024-bit SSL certificates as highly vulnerable and weak in terms of security.<\/li>\n<li>As per <strong>NIST<\/strong> (National Institute of Standard &amp; Technology) 1024-bit certificates are dead and ineffectual as of 2013.<\/li>\n<\/ol>\n<p style=\"text-align: justify;\">According to the latest research and analysis by <strong><i>Rapid7.com <\/i><\/strong>on 1024-bit SSL certificates, about 107,000 websites are now not trusted by Mozilla due to the withdrawn support.<\/p>\n<p style=\"text-align: justify;\">It is now mandatory for all websites (still relying on 1024-bit SSL certificates) to migrate to SSL certificates with 2048-bit or higher encryption strength.<\/p>\n<h2 style=\"text-align: justify;\">How do I migrate from 1024-bit SSL to 2048-bit SSL Certificates?<\/h2>\n<p style=\"text-align: justify;\"><b>Option 1:<\/b> If your website is protected with a 1024-bit SSL certificate, then it is mandatory for you to purchase a new SSL certificate with higher encryption strength and install it in on to your web server.<\/p>\n<p style=\"text-align: justify;\"><b>Option 2:<\/b> If your website\u2019s intermediate SSL certificate is 1024-bit, then you just need to download a 2048-bit intermediate certificate through your certificate provider and update your certificate chain on your web server.<\/p>\n<p style=\"text-align: justify;\">In the first quarter of 2015, Mozilla projects to complete the migration of 1024-bit certificates. It is also considering phasing out certificates by providers like Thawte, VeriSign, Equifax and GTE CyberTrust that have 1024-bit roots. Therefore, in 2015, Mozilla will not trust any 1024-bit SSL certificate, no matter the source.<\/p>\n<p style=\"text-align: justify;\"><strong>Google Chrome<\/strong> has also considered SHA-1 algorithm as insecure and has announced its plans to start the process of eliminating SHA-1 as a trusted algorithm. They have also started encouraging website owners\/admins to start using <strong>SHA-2<\/strong> to secure their websites.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently, Mozilla launched Firefox 32.0. This new version is all about enhanced security and upgraded safety features. As per Mozilla\u2019s NSS (Network Security Service)\u2019s report, they have ended their support of certificates with 1024-bit encryption strength and removed all such certificates and Code Signing certificates from their trust bits. And as a result of this<\/p>\n","protected":false},"author":8,"featured_media":435,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[135],"tags":[],"class_list":{"0":"post-431","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-website-security"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Mozilla Firefox to protest 1024-bit SSL Certficates<\/title>\n<meta name=\"description\" content=\"Finally, Mozilla have decided to quit support on 1024 bit SSLs and Code Signing certificates from its trust bits.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cheapsslsecurity.com\/blog\/mozilla-firefox-protest-1024-bit-certificates\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Mozilla Firefox to protest 1024-bit SSL Certficates\" \/>\n<meta property=\"og:description\" content=\"Finally, Mozilla have decided to quit support on 1024 bit SSLs and Code Signing certificates from its trust bits.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cheapsslsecurity.com\/blog\/mozilla-firefox-protest-1024-bit-certificates\/\" \/>\n<meta property=\"og:site_name\" content=\"Savvy Security\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cheapsslsecurities\" \/>\n<meta property=\"article:published_time\" content=\"2014-09-15T09:55:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-01-26T17:13:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2014\/09\/Firefox.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"750\" \/>\n\t<meta property=\"og:image:height\" content=\"469\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Savvy Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sslsecurity\" \/>\n<meta name=\"twitter:site\" content=\"@sslsecurity\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Savvy Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/mozilla-firefox-protest-1024-bit-certificates\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/mozilla-firefox-protest-1024-bit-certificates\\\/\"},\"author\":{\"name\":\"Savvy Security\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#\\\/schema\\\/person\\\/1ce9a5743b7f25b5be6e4972864b4493\"},\"headline\":\"Mozilla Firefox to Protest 1024-bit Certificates\",\"datePublished\":\"2014-09-15T09:55:16+00:00\",\"dateModified\":\"2021-01-26T17:13:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/mozilla-firefox-protest-1024-bit-certificates\\\/\"},\"wordCount\":483,\"image\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/mozilla-firefox-protest-1024-bit-certificates\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/wp-content\\\/uploads\\\/2014\\\/09\\\/Firefox.jpg\",\"articleSection\":[\"Website Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/mozilla-firefox-protest-1024-bit-certificates\\\/\",\"url\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/mozilla-firefox-protest-1024-bit-certificates\\\/\",\"name\":\"Mozilla Firefox to protest 1024-bit SSL Certficates\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/mozilla-firefox-protest-1024-bit-certificates\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/mozilla-firefox-protest-1024-bit-certificates\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/wp-content\\\/uploads\\\/2014\\\/09\\\/Firefox.jpg\",\"datePublished\":\"2014-09-15T09:55:16+00:00\",\"dateModified\":\"2021-01-26T17:13:19+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#\\\/schema\\\/person\\\/1ce9a5743b7f25b5be6e4972864b4493\"},\"description\":\"Finally, Mozilla have decided to quit support on 1024 bit SSLs and Code Signing certificates from its trust bits.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/mozilla-firefox-protest-1024-bit-certificates\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/mozilla-firefox-protest-1024-bit-certificates\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/mozilla-firefox-protest-1024-bit-certificates\\\/#primaryimage\",\"url\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/wp-content\\\/uploads\\\/2014\\\/09\\\/Firefox.jpg\",\"contentUrl\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/wp-content\\\/uploads\\\/2014\\\/09\\\/Firefox.jpg\",\"width\":750,\"height\":469,\"caption\":\"SEC_ERROR_EXPIRED_CERTIFICATE Firefox\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/mozilla-firefox-protest-1024-bit-certificates\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Mozilla Firefox to Protest 1024-bit Certificates\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/\",\"name\":\"Savvy Security\",\"description\":\"Practical cybersecurity advice\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#\\\/schema\\\/person\\\/1ce9a5743b7f25b5be6e4972864b4493\",\"name\":\"Savvy Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g\",\"caption\":\"Savvy Security\"},\"description\":\"Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24\\\/7 security teams.\",\"sameAs\":[\"blogadmin\"],\"url\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/author\\\/blogadmin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Mozilla Firefox to protest 1024-bit SSL Certficates","description":"Finally, Mozilla have decided to quit support on 1024 bit SSLs and Code Signing certificates from its trust bits.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cheapsslsecurity.com\/blog\/mozilla-firefox-protest-1024-bit-certificates\/","og_locale":"en_US","og_type":"article","og_title":"Mozilla Firefox to protest 1024-bit SSL Certficates","og_description":"Finally, Mozilla have decided to quit support on 1024 bit SSLs and Code Signing certificates from its trust bits.","og_url":"https:\/\/cheapsslsecurity.com\/blog\/mozilla-firefox-protest-1024-bit-certificates\/","og_site_name":"Savvy Security","article_publisher":"https:\/\/www.facebook.com\/cheapsslsecurities","article_published_time":"2014-09-15T09:55:16+00:00","article_modified_time":"2021-01-26T17:13:19+00:00","og_image":[{"width":750,"height":469,"url":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2014\/09\/Firefox.jpg","type":"image\/jpeg"}],"author":"Savvy Security","twitter_card":"summary_large_image","twitter_creator":"@sslsecurity","twitter_site":"@sslsecurity","twitter_misc":{"Written by":"Savvy Security","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cheapsslsecurity.com\/blog\/mozilla-firefox-protest-1024-bit-certificates\/#article","isPartOf":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/mozilla-firefox-protest-1024-bit-certificates\/"},"author":{"name":"Savvy Security","@id":"https:\/\/cheapsslsecurity.com\/blog\/#\/schema\/person\/1ce9a5743b7f25b5be6e4972864b4493"},"headline":"Mozilla Firefox to Protest 1024-bit Certificates","datePublished":"2014-09-15T09:55:16+00:00","dateModified":"2021-01-26T17:13:19+00:00","mainEntityOfPage":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/mozilla-firefox-protest-1024-bit-certificates\/"},"wordCount":483,"image":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/mozilla-firefox-protest-1024-bit-certificates\/#primaryimage"},"thumbnailUrl":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2014\/09\/Firefox.jpg","articleSection":["Website Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/cheapsslsecurity.com\/blog\/mozilla-firefox-protest-1024-bit-certificates\/","url":"https:\/\/cheapsslsecurity.com\/blog\/mozilla-firefox-protest-1024-bit-certificates\/","name":"Mozilla Firefox to protest 1024-bit SSL Certficates","isPartOf":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/mozilla-firefox-protest-1024-bit-certificates\/#primaryimage"},"image":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/mozilla-firefox-protest-1024-bit-certificates\/#primaryimage"},"thumbnailUrl":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2014\/09\/Firefox.jpg","datePublished":"2014-09-15T09:55:16+00:00","dateModified":"2021-01-26T17:13:19+00:00","author":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/#\/schema\/person\/1ce9a5743b7f25b5be6e4972864b4493"},"description":"Finally, Mozilla have decided to quit support on 1024 bit SSLs and Code Signing certificates from its trust bits.","breadcrumb":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/mozilla-firefox-protest-1024-bit-certificates\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cheapsslsecurity.com\/blog\/mozilla-firefox-protest-1024-bit-certificates\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cheapsslsecurity.com\/blog\/mozilla-firefox-protest-1024-bit-certificates\/#primaryimage","url":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2014\/09\/Firefox.jpg","contentUrl":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2014\/09\/Firefox.jpg","width":750,"height":469,"caption":"SEC_ERROR_EXPIRED_CERTIFICATE Firefox"},{"@type":"BreadcrumbList","@id":"https:\/\/cheapsslsecurity.com\/blog\/mozilla-firefox-protest-1024-bit-certificates\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cheapsslsecurity.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Mozilla Firefox to Protest 1024-bit Certificates"}]},{"@type":"WebSite","@id":"https:\/\/cheapsslsecurity.com\/blog\/#website","url":"https:\/\/cheapsslsecurity.com\/blog\/","name":"Savvy Security","description":"Practical cybersecurity advice","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cheapsslsecurity.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/cheapsslsecurity.com\/blog\/#\/schema\/person\/1ce9a5743b7f25b5be6e4972864b4493","name":"Savvy Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g","caption":"Savvy Security"},"description":"Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24\/7 security teams.","sameAs":["blogadmin"],"url":"https:\/\/cheapsslsecurity.com\/blog\/author\/blogadmin\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/posts\/431","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/comments?post=431"}],"version-history":[{"count":0,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/posts\/431\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/media\/435"}],"wp:attachment":[{"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/media?parent=431"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/categories?post=431"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/tags?post=431"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}