Author Photo
By Tim Bray, Google Identity Team

As part of our continuous effort to increase Internet security for Google and for our users, we are in the process of migrating from 1024-bit to 2048-bit certificates. We will also be changing our certificate chain.

This roll-out has already started and will be completed in the next few months.

We asked some of our experts if they could think of scenarios where client software might have trouble with this change, and came up with a couple. The first is people who are using a very old home-compiled version of OpenSSL with an out-of-date CA database. Then there are instances of embedded-client software with (against the best advice of all the experts) hard-coded certificate logic, perhaps for reasons of saving space.

Having said that, most client software should work just fine. Feel free to visit our Frequently Asked Questions page for more info and, to be sure, test your clients against cert-test.sandbox.google.com.


Tim says: By day, I help in the struggle against passwords on the Internet.
The rest of my life is fully documented on my blog.


Posted by Scott Knaster, Editor