Wayne11
Contributor

replace 1024 SSL cert for administrative access with 2048

Hi, I would like to know how we could replace the 1024-bit public key of the device certificate with a 2048-bit one. Because public keys with 1024 bits are susceptible to brute-force attacks, we need a 2048-bit public key. Thanks for any suggestion.
emnoc
Esteemed Contributor III

I highly doubt they are susceptible to brute force. If they were, then probably 50% of the HTTPS websites would be broken by now. But to answer your question, since I had to do this for an audit, you have a few choices:
1A: craft a CSR off the appliance and purchase an SSL certificate
1B: craft a CSR using openssl and self-sign it (just realize the browser will warn about the lack of a CA)
2: import the key and signed certificate via web GUI or CLI (certificate > local > import)
3: reconfigure the appliance to use that certificate, CLI only:
config sys global
    set admin-server-cert <name of imported cert>
end

PCNSE NSE StrongSwan
Wayne11
Contributor

First time I don't agree with you ;) Until not long ago, 1024-bit RSA keys were considered sufficiently strong because cracking them using brute force, by systematically trying all possible combinations, was viewed as impractical due to the computing power and time required. However, following the recent revelations about the mass data collection programs of the NSA and its investments in groundbreaking cryptanalysis, that's no longer the case. "After more revelations, and expert analysis, we still aren't precisely sure what crypto the NSA can break," Robert Graham, the CEO of security firm Errata Security, said in a blog post in September. "But everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys. Assuming no 'breakthroughs,' the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they've got fairly public deals with IBM foundries to build chips." Increasing the key length for SSL certificates is not a new development, as many certificate authorities have stopped issuing new certificates with 1024-bit keys for a while. The Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, a set of guidelines published by the Certification Authority/Browser (CAB) Forum, state that all newly issued certificates that have a validity period ending after Dec. 31, 2013 should have 2048-bit RSA keys. According to a November 2013 scan done by the SSL Pulse project, 96 percent of the Internet's top 162,480 HTTPS-enabled sites already use SSL certificates with 2048-bit keys. So, far away from your 50% ;) Oh, and Google revoked all of its 1024-bit certificates, for some reason I guess ;) Back to your suggestions, everything sounds clear to me, thank you very much.
emnoc
Esteemed Contributor III

I want to point out the following;
According to a November 2013 scan done by the SSL Pulse project, 96 percent of the Internet's top 162,480 HTTPS-enabled sites already use SSL certificates with 2048-bit keys. So, far away from your 50% ;) Oh, and Google revoked all of its 1024-bit certificates, for some reason I guess ;)
If you read very closely: 96% of the top internet websites. Repeat, TOP internet sites. That's a far stretch from 50% of internet websites using 1024-bit, and that, I'm betting, is the norm. A few (5+) years ago nobody was ever building a CSR with 2K-bit keys. I'm betting quite a few non-website systems that use SSL encryption are still on 1K-bit keys. But not to beat the horse any deader... I know a few CAs have started mandating 2K-bit keys and will issue 2K-bit certificates, but that's only been for less than a year, iirc. If the NSA is developing technology to crack 1K-bit keys, that tells us there are a lot of 1K-bit keys out on the internet. We are quite safe (now) from the NSA (or any other intelligence community) brute-force cracking 1K-bit keys or websites. We are probably more at risk from bad passphrases, bad system passwords, bad storage, and bad security habits overall, but to each his own on what size key is needed for security. If you're going to purchase an SSL certificate (now) it would make 100% sense to get a 2K or even, heck, a 3072 or 4048-bit key size if that makes you feel even safer. But a 1K-bit key being compromised is only tinfoil at this time. When someone comes up with proof that the NSA or anybody else has cracked a 1K-bit SSL key, then I will eat my words. And still, if you want to be 100% safe you need browsers and servers with ephemeral support that ensure PFS for the session key. Being bored, I checked all of my current FortiGate gear's admin allowaccess and all have 2K-bit keys; all of the few devices I checked for the SSL VPN portal had 2K, and the same for FortiMail. All of our IPS and other gear had 2K-bit key support. The only security devices I have that didn't have 2K-bit keys were my Cisco ASAs. I'm curious as to what you are checking that is a Fortinet product and has a 1K-bit key, and what version of code? It has to be quite old or not on a modern FortiOS version.
So if I had to guess, you have a very old device if it's a Fortinet product, or it's running some old OS.

Wayne11

I've read it closely, but I guess we are talking about business websites and not the private website of a rabbit breeders' club. But anyway, in a mathematical way you are right, it could be 50%.
I'm curious as to what you are checking that is a Fortinet product and has a 1K-bit key, and what version of code? It has to be quite old or not on a modern FortiOS version.
Uff, all our FortiWiFi 60D units with the current 5.2, for example. Call me stupid, but I don't think they are old, and they all have a 1024-bit public key. Remember, I'm just talking about the public key. Btw, all our devices are in my signature.
emnoc
Esteemed Contributor III

So how are you determining public key sizes? openssl s_client x.x.x.x:443? SSL Labs? Comodo? Or something else? I would be surprised if a FortiGate pubkey is 1K bits on anything new, just curious.

Wayne11
Contributor

Firefox cert details - Public Key: Modulus (1024 Bits)
Or the DigiCert checking tool: https://www.digicert.com/help
Common Name = FWF60DXXXXX
Issuer = support
Serial Number = 99999
SHA1 Thumbprint = XXXXC94A0700C8FXXXXXX
Key Length = 1024 bit
Signature algorithm = SHA1 + RSA (good)
Secure Renegotiation: Supported
emnoc
Esteemed Contributor III

Interesting; Issuer = "Support" looks like it's not a factory certificate if you ask me. Even the serial number looks suspect. The issuer on a few things I spot-checked should be the unit SN# or DigiCert SHA2 High Assurance Server CA, e.g.
Issuer: O=Fortinet Ltd., CN=FGXXXC3G0961xxx
Either way, check from the CLI, or better, if you like openssl:
openssl s_client -connect x.x.x.x:443 | openssl x509 -text
or if you want to see the dates and serial#:
openssl s_client -connect x.x.x.x:443 | openssl x509 -dates -serial -issuer -alias
where x.x.x.x = the FortiGate HTTPS-enabled interface. Also, are you 100% sure this isn't a VIP, or is it the local factory cert that you're testing? You can always change the certificates via the CLI (I find this the easiest method, YMMV):
config vpn cert local
    edit <give your cert a name, use the name of the cert or whatever>
        set password
        set private-key
        set cert
And you can change the cert used via system global:
config sys global
(global) # set admin-server-cert
Available Certificates:
self-sign
Fortinet_CA_SSLProxy
Fortinet_Factory
Fortinet_Firmware
Fortinet_Wifi
CER01
BYS6
DEBUGcrt
I hope that helps, but that cert doesn't look like a Fortinet certificate.

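As an added example, not code from this thread, the POSIX shell script below carries out the steps emnoc gave in his first reply (generate a 2048-bit RSA key and CSR with openssl, and self-sign it for the lab case, option 1B) and then applies the openssl x509 inspection from the reply above to audit a certificate's key length, flagging anything below 2048 bits. The subject name, the working directory and the 2048-bit floor are assumptions for illustration; openssl must be installed.

```shell
#!/bin/sh
# Added example (not from the forum thread): build a 2048-bit RSA key and CSR
# for import as a FortiGate local certificate, then audit the key length of any
# PEM certificate, e.g. one pulled with "openssl s_client -connect x.x.x.x:443".
set -e

WORK="${WORK:-$(mktemp -d)}"
# Assumed subject for illustration; use your device's real admin hostname.
SUBJ="${SUBJ:-/CN=fgt-admin.example.internal/O=Example}"

# Option 1A/1B from the thread: private key + CSR. Hand csr.pem to a CA, or
# self-sign it below (browsers will warn about the unknown issuer).
make_csr() {
    bits="$1"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:"$bits" \
        -out "$WORK/key.pem" 2>/dev/null
    openssl req -new -key "$WORK/key.pem" -subj "$SUBJ" -out "$WORK/csr.pem"
}

# Self-sign the CSR (option 1B). SHA-256 rather than the SHA-1 seen in the
# DigiCert output earlier in the thread.
self_sign() {
    openssl x509 -req -in "$WORK/csr.pem" -signkey "$WORK/key.pem" \
        -days 365 -sha256 -out "$WORK/crt.pem" 2>/dev/null
}

# Print the RSA key length of a PEM certificate file. Matches the
# "Public-Key: (N bit)" line that OpenSSL 1.x and 3.x both emit in -text.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text \
        | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Return 0 if the certificate meets the assumed 2048-bit floor, 1 otherwise.
check_cert() {
    bits="$(cert_key_bits "$1")"
    if [ -z "$bits" ] || [ "$bits" -lt 2048 ]; then
        echo "WEAK: $1 has a ${bits:-unknown}-bit key (need >= 2048)"
        return 1
    fi
    echo "OK: $1 has a $bits-bit key"
    return 0
}

main() {
    make_csr 2048
    self_sign
    echo "key: $WORK/key.pem  csr: $WORK/csr.pem  cert: $WORK/crt.pem"
    check_cert "$WORK/crt.pem"
}

main "$@"
```

To audit a live device, save the certificate that openssl s_client returns and feed it to check_cert: `openssl s_client -connect x.x.x.x:443 </dev/null 2>/dev/null | openssl x509 > dev.pem; check_cert dev.pem`. Once a CA has signed csr.pem (or after self_sign), key.pem and the certificate are what go into the thread's `config vpn cert local` import, followed by `set admin-server-cert` under `config sys global`.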
Wayne11
Contributor

Of course I changed the CN and SN before posting here ;) Btw, I've got an answer from Support:
Hi Marco, you are right, I double-checked on different models in version 5.2.x and the public key is 1024. Please contact your local Fortinet Partner and submit a New Feature Request, because this should be taken into consideration by the developers team. Thank you