As part of our continuous effort to increase Internet security for Google and for our users,
we are in the process of migrating from 1024-bit to 2048-bit certificates. We will also be
changing our certificate chain.
This roll-out has already started and will be completed in the next few months.
We asked some of our experts if they could think of scenarios where client software might have
trouble with this change, and came up with a couple. The first is people who are using a very
old home-compiled version of OpenSSL with an out-of-date CA database. Then there are instances
of embedded-client software with (against the best advice of all the experts) hard-coded
certificate logic, perhaps for reasons of saving space.
