As computer processing power increases every day, breaking 1024-bit private keys will be possible by 2011. We therefore need to generate RSA private keys of at least 2048 bits for new SSL certificates and renewals.
I recently faced a similar case when, for a renewal, I gave GoDaddy the older CSR that I had given last year, and it didn’t work due to security reasons.
We simply need to regenerate the private key and CSR with the following OpenSSL command:
openssl req -nodes -newkey rsa:2048 -keyout new-digitss.key -out new-digitss.csr
This generates a 2048-bit key file and then asks for a few basic details about the entity being certified. The private key file generated by the above command has no pass-phrase, so it can be deployed without problems on Windows-based Apache server setups as well as on Linux platforms. If you do want a pass-phrase, please refer to a previous post and use 2048 or 4096 instead of the 1024 used in its commands, or just remove the “-nodes” option from the above command, which will then ask for a pass-phrase.
Removing the “-nodes” option from the above openssl command makes it ask for a pass-phrase and encrypt the private key. This can increase security, but please note that the pass-phrase will be required each time Apache is started. In that case you need an unsecured private key for your Windows-based Apache setup. Getting one is as simple as running the following OpenSSL command:
openssl rsa -in digitss.key -out unsecured.digitss.key
The above OpenSSL command produces an unsecured private key with the pass-phrase removed, which can therefore be used with Windows-based Apache setups.
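Before submitting the CSR, it is worth confirming that it really carries a key of at least 2048 bits and that it belongs to the private key you are going to deploy. The shell functions below are an added example, not part of the original post; the names csr_key_bits and check_csr are hypothetical, and the optional third argument is an OpenSSL pass-phrase source for an encrypted key.

```shell
#!/bin/sh
# Added example: sanity-check a key/CSR pair before sending the CSR to the CA.
# The 2048-bit floor comes from the post; function names are hypothetical.

MIN_BITS=2048

# csr_key_bits CSR -> prints the public key size recorded in the CSR
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# check_csr KEY CSR [PASSIN] -> returns 0 if the pair is fit to submit, else 1
# PASSIN is an OpenSSL pass-phrase source (e.g. file:/path); the default is an
# empty pass-phrase, so an encrypted key fails cleanly instead of prompting.
check_csr() {
    key=$1 csr=$2 passin=${3:-pass:}

    # 1. The CSR's self-signature must verify (catches truncation/corruption).
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "FAIL: CSR signature does not verify" >&2; return 1; }

    # 2. The key length must meet the minimum.
    bits=$(csr_key_bits "$csr")
    [ -n "$bits" ] && [ "$bits" -ge "$MIN_BITS" ] ||
        { echo "FAIL: key is ${bits:-unknown} bits, need >= $MIN_BITS" >&2; return 1; }

    # 3. The CSR must contain the public half of this private key.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin "$passin" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$csr_pub" = "$key_pub" ] ||
        { echo "FAIL: private key does not match CSR" >&2; return 1; }

    echo "OK: $bits-bit key matches $csr"
}

# Usage with the file names from the post:
#   check_csr new-digitss.key new-digitss.csr
```

An old 1024-bit CSR reused for a renewal fails at step 2, and a CSR paired with the wrong key file fails at step 3.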
For more detailed information on CSR generation, please refer to the following post: (just use 2048 or 4096 instead of 1024 to make it work)
See GoDaddy Help for the detailed reason: Why does my CSR need to be 2048 bit length?
CSR generation instructions for the rest of the web servers: Certificate Signing Request (CSR) Generation Instructions