Via PRIVACY Forum:
Hm.. this might be no big deal if not for public key pinning and CA
pinning in modern browsers of certain sites, they could just get
themselves 2048 bit certificates from any CA...
So what could otherwise be a routine certificate change, may have some
unusual extra baggage attached to it -- requiring end users performing
software code update in their only slightly outdated browsers,
instead of just switching certificates, so they stop getting big red
SSL errors when trying to perform searches via Google...
From what it looks like, I'd assume they'll be sticking with a CA that has
a 2048 bit certificate as well.
Seems they also put a sandbox for testing together. That being said, they
won't confirm or deny whether or not they'll be using the same CA as they
have in the sandbox...