Want to keep the TNW Conference vibe going?? Tickets for TNW2022 are available now >>

The heart of tech

This article was published on July 30, 2013

Google starts upgrading its SSL certificates to 2048-bit keys, hopes to finish by end of 2013

Google starts upgrading its SSL certificates to 2048-bit keys, hopes to finish by end of 2013 Image by: KIMIHIRO HOSHINO
Emil Protalinski
Story by

Emil Protalinski

Emil was a reporter for The Next Web between 2012 and 2014. Over the years, he has covered the tech industry for multiple publications, incl Emil was a reporter for The Next Web between 2012 and 2014. Over the years, he has covered the tech industry for multiple publications, including Ars Technica, Neowin, TechSpot, ZDNet, and CNET. Stay in touch via Facebook, Twitter, and Google+.

Google today announced it has already started upgrading all of its SSLcertificates to 2048-bit keys. The goal is to beef up the encryption on the connections made to its services.

Google says the upgrade, which includes the root certificate that the company uses to sign all of its SSL certificates, will be completed “in the next few months.” Previously, however, Google was more specific and said it was aiming to finish the process by the end of 2013.

Of course, Google also planned to start the process on August 1, but today (July 30) the company revealed it had “already started.” The decision to start early is likely a decision related to how much work there is ahead.

Google previously said some configurations will require extra steps to avoid complications. The company specifically mentioned client software embedded in devices such as some phones, printers, set-top boxes, gaming consoles, and cameras.

Client software that makes SSL connections to Google (usually in the form of HTTPS) thus must adhere to the following requirements:

  • Perform normal validation of the certificate chain.
  • Include a properly extensive set of root certificates contained.
  • Support Subject Alternative Names (SANs).

For the second point, Google offers an example set in its FAQ which should be sufficient. The company also notes clients should, but are not required to, support the Server Name Indication (SNI) extension as they may need to make an extra API call to set the hostname on an SSL connection.

Most users and businesses will not be affected by this whole process. If you think you will be, however, you’ll want to read over the more technical details in this document: How to Use X.509 Certificates and SSL For Secure Communications.

See also – Google’s CIO explains the challenge of keeping data secure: ‘We spend a lot of time worrying about it’

Top Image Credit: Kimihiro Hoshino/Getty Images