The certificate request used must have a key length of at least 2048 bit for new orders / renewals. All orders which do not correspond with this specification are rejected.

This specification has been implemented based on the following recommendations and guidelines:

- The NIST (National Institute of Standards and Technology), based in the USA, recommends a general increase in key length to 2048 bits by the end of 2010

- Since December 31, 2010, the Microsoft Windows® Root Certificate Program has prohibited registered CAs from issuing certificates with a key length smaller than 2048 bits under a public root.