Yes, you should apply this update. Note that this update affects not only your certificates, but all certificates you are using. Consider the following: you are accessing a web site over SSL (HTTPS) and remote server uses SSL certificate with 512bit key and which is issued by a trusted CA. In this case, your web browser will show warning page that the presented certificate is invalid (even if it issued by a trusted CA). Also, if you are using certificates from partners, you should check, whether their certificates conform all requirements. If not, they should consider to replace their certificates with stronger keys.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki

All, This question is related to Update For Minimum Certificate Key Length ( KB2661254) We have Self sign certificate in my system (monitioring system) that has 1024 bit lenth. Do we need to apply on that system on whichever we have Self sign certificate ? If we do not patch on my system so what could be the impact ? Thanks Amit

Hi, You should apply the update. It will block these trust certificates with RSA keys less than 1024 bites in length. Microsoft Security Advisory (2661254) http://technet.microsoft.com/en-us/security/advisory/2661254 Microsoft Security Advisory: Update for minimum certificate key length http://support.microsoft.com/kb/2661254 Best Regards, AidenAiden Cao TechNet Community Support

Hi, You should apply the update. It will block these trust certificates with RSA keys less than 1024 bites in length. Microsoft Security Advisory (2661254) http://technet.microsoft.com/en-us/security/advisory/2661254 Microsoft Security Advisory: Update for minimum certificate key length http://support.microsoft.com/kb/2661254 Best Regards, AidenAiden Cao TechNet Community Support

i All, This question is related to Update For Minimum Certificate Key Length ( KB2661254) We have Self sign certificate in my system (monitioring system) that has 1024 bit lenth. Do we need to apply on that system on whichever we have Self sign certificate ? If we do not patch on my system so what could be the impact ? Thanks Amit

Yes, you should apply this update. Note that this update affects not only your certificates, but all certificates you are using. Consider the following: you are accessing a web site over SSL (HTTPS) and remote server uses SSL certificate with 512bit key and which is issued by a trusted CA. In this case, your web browser will show warning page that the presented certificate is invalid (even if it issued by a trusted CA). Also, if you are using certificates from partners, you should check, whether their certificates conform all requirements. If not, they should consider to replace their certificates with stronger keys.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki