Weak Certificate Key

The certificate uses a weak cryptographic key.

Severity: Warning

What does this mean?

The SSL/TLS certificate uses a cryptographic key that is too short to be considered secure. Specifically, RSA keys shorter than 2048 bits or ECDSA keys shorter than 256 bits are flagged. The key is the mathematical foundation of the certificate's encryption — a weak key means the encryption can potentially be broken.

Why this is a problem

Public-key cryptography relies on it being computationally infeasible to derive the private key from the public key. As computers get faster, shorter keys become easier to crack. A 1024-bit RSA key, once considered secure, can now be broken with sufficient computing resources. If an attacker cracks the key, they can impersonate the server and decrypt all traffic.

What you should do

  • Generate a new certificate with a stronger key (RSA 2048-bit or higher, or ECDSA 256-bit or higher)
  • RSA 4096-bit or ECDSA 384-bit are good choices for long-term security
  • Most modern certificate authorities will not issue certificates with weak keys, so this likely indicates an old certificate
  • Update your certificate generation process to use strong key sizes by default