We have our own CA which we've used for years to create hundreds of server certs and thousands of client certs. The CA cert itself is 1024bit and the certs it signed are 1024bit
Symantec has been sending out emails to us regarding this "change now to 2048bit certs" due to some relationship we have with external certs we use, which has now got me worried.
What will happen in Oct? Will OS vendors push out software updates that DISABLE their own ability to interact with 1024bit certs? If so, we have a serious problem as we'll have to replace thousands of certs ASAP
Replacing client certs and the CA cert itself for new 2048bit ones will be a manual nightmare. Originally that had to be done manually for all platforms other than Windows (thank you Microsoft for GPOs!), so does this change require us to also replace the CA, or would having that existing 1024bit CA cert signing 2048bit client/server certs be enough to "work around" the issue