Issuance requires keys to be at least 2048 bits RSA or 256 bits ECC

SHA-256 is default for all new SSL Certificates

Supporting Certificate Transparency by embedding SCTs into the certificates

At least 64 bits of entropy in Certificate Serial Numbers

Compliance with CA/Browser Forum’s Baseline Requirements