Update For Minimum Certificate Key Length ( KB2661254)
Yes, you should apply this update. Note that this update affects not only your certificates, but all certificates you are using. Consider the following: you are accessing a web site over SSL (HTTPS) and remote server uses SSL certificate with 512bit key
and which is issued by a trusted CA. In this case, your web browser will show warning page that the presented certificate is invalid (even if it issued by a trusted CA).
Also, if you are using certificates from partners, you should check, whether their certificates conform all requirements. If not, they should consider to replace their certificates with stronger keys.My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki
October 15th, 2012 3:48am
All,
This question is related to Update For Minimum Certificate Key Length ( KB2661254)
We have Self sign certificate in my system (monitioring system) that has 1024 bit lenth.
Do we need to apply on that system on whichever we have Self sign certificate ?
If we do not patch on my system so what could be the impact ?
Thanks
Amit
Free Windows Admin Tool Kit Click here and download it now
October 16th, 2012 1:40am
Hi,
You should apply the update. It will block these trust certificates with RSA keys
less than 1024 bites in length.
Microsoft Security Advisory (2661254)
http://technet.microsoft.com/en-us/security/advisory/2661254
Microsoft Security Advisory: Update for minimum certificate key length
http://support.microsoft.com/kb/2661254
Best Regards,
AidenAiden Cao
TechNet Community Support
October 18th, 2012 1:28am
Hi,
You should apply the update. It will block these trust certificates with RSA keys
less than 1024 bites in length.
Microsoft Security Advisory (2661254)
http://technet.microsoft.com/en-us/security/advisory/2661254
Microsoft Security Advisory: Update for minimum certificate key length
http://support.microsoft.com/kb/2661254
Best Regards,
AidenAiden Cao
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
October 18th, 2012 1:28am
i All,
This question is related to Update For Minimum Certificate Key Length ( KB2661254)
We have Self sign certificate in my system (monitioring system) that has 1024 bit lenth.
Do we need to apply on that system on whichever we have Self sign certificate ?
If we do not patch on my system so what could be the impact ?
Thanks
Amit
November 4th, 2012 12:32am
Yes, you should apply this update. Note that this update affects not only your certificates, but all certificates you are using. Consider the following: you are accessing a web site over SSL (HTTPS) and remote server uses SSL certificate with 512bit key
and which is issued by a trusted CA. In this case, your web browser will show warning page that the presented certificate is invalid (even if it issued by a trusted CA).
Also, if you are using certificates from partners, you should check, whether their certificates conform all requirements. If not, they should consider to replace their certificates with stronger keys.My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference:
on TechNet wiki
Free Windows Admin Tool Kit Click here and download it now
November 4th, 2012 1:38am